Proxy SCEP to ACME?

It's been a few years since I've seen it discussed here. Is anyone aware of anything that can proxy a request to a SCEP Server as an ACME client?

I've a number of network devices that require publicly trusted certificates, and only support SCEP for furnishing certificates.

smallstep has one, not sure it can used as proxy though


It can't. In this setup, smallstep is the CA and performs the issuance, not an ACME server.


3 years ago, someone on Github tried it looks like it:

Not much info there though.

Tried to compile it and that seems to work. It's simply tying the lego ACME client together with a SCEP server written in Go.


Hi @DN0000, and welcome to the LE community forum :slight_smile:

Should that be?:
Is anyone aware of anything that can take a request to a SCEP Server and proxy/modify it as an ACME client to an ACME server?


See my post just above you?

I'm just trying to understand the question clearly.
Your post is a reply to the question [that I'm asking clarity on].


Ah, to me, it didn't come across as a request for clarity, so I didn't understand it.

Clarified wonderfully, thanks!


I recall seeing a few open source "enterprise grade" certificate managers about 3 years ago that would speak ACME to LetsEncrypt/etc to obtain certificates as needed, but spoke different protocols internally. I don't have any bookmarked, but they were all basically Certificate Managers that added in an ACME client.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.