Approach 4: PKI Trust Domain Based on an External Certificate Authority via SCEP

Last Updated : Apr 07, 2022 |

This option allows identity certificates to be obtained direct from an external Certificate Authority using an automated process.

Potential advantages for identity certificates obtained using SCEP:

  • Generated ID certificates are part of a wider trust domain.

  • ID certificate content format compatible with Avaya components.

  • The root CA certificate is (typically) trusted by 3rd parties and therefore does not need to be distributed.

  • The root CA certificate is always trusted by IP Office components and therefore does not need to be distributed.

  • The certificate creation and distribution process is automated, supporting many systems efficiently.

Potential disadvantages include:

  • Compatibility with SECP servers is currently limited to EJBCA – the CA present on Avaya Aura System Manager (SMGR).

  • Public certificate authorities will not issue certificates for private domains or address ranges.

  • Cost - if using a commercial provider.

  • Control of the CA is external.

  • The certificate policy is subject to commercial considerations.

Related information
Determining Trust Policy