We currently use SCEP for Cisco Routers with a Red Hat CS.
However, as far as we can tell, "CA Key Rollover" is not implemented. Furthermore, we can't find any indication that it's implemented in Dogtag 9 or 10.
Could anyone confirm this?
Does anyone work around this problem?
As far as we can see, few or no CA SW supports this, aside from the IOS CA from Cisco. The SCEP RFC says that the other two PKIX standards for certificate management are superior to SCEP, which has deficiencies, and is quasi-deprecated. Therefore my assumption is that no one (other than Cisco) plans to invest any effort in expanding SCEP support in Dogtag or any other open source CA software.