[Pki-users] Queries on Doghat support

Hi All, We are looking at using Doghat CA server with Cisco routers. I had a few questions on the support included in Doghat certificate system. I just started working on PKI, so please excuse if the questions are quite basic. 1. The Doghat system is built on top of NSS (Network Security Services). Does it have any issues working with Cisco routers as clients using SCEP? Would there be any OpenSSL and NSS interactions in this case? 2. Does Doghat support CA Certificate rollover? When CA certificate is about to expire, CA creates a shadow certificate. All the endpoints associated with that CA can then renew their ID certificates (this requires support for SCEP Messages such as GetNextCACert, GetCACaps). Thanks in advance for your help! -Abha