Hi there,
I am looking for a SCEP library runnable on FreeRTOS.
My project consists of FreeRTOS as the OS, mbedTLS as the security layer and LwIP as the network stack. I need the SCEP protocol to enroll certificates.
Searching, I find only libraries for more complex operating systems such as Linux, Windows, …
I would like to know if someone has already faced the same task and has found a SCEP library for FreeRTOS.
Any kind of indication will be appreciated.
Thanks in advance,
Matteo
@ma2teo I’m not aware of any SCEP implementations targeting mbedtls / FreeRTOS.
You could probably build a client using the coreHTTP library for the http portion of the implementation.
If you are able to choose the protocol in use, you might find that EST (specified in RFC 7030) or ACME (RFC 8555) are a bit easier to implement since they rely on an underlying secure transport (usually TLS) rather than something bespoke.
Finally, if you are planning to connect to AWS IoT Core, you could look at the AWS IoT Fleet Provisioning MQTT API as an alternative to SCEP, EST, or ACME for renewing certificates. We have an example of using the Fleet Provisioning API in FreeRTOS+.
Hi @PaulB-AWS,
Thanks for the suggestions.
Building a SCEP client on top of the coreHTTP client could be reasonable. First I should evaluate the complexity of the SCEP protocol.
About the last two considerations, I have to contact a specific PKI authority and only the SCEP protocol is allowed.
Thanks again.
Regards,
Matteo
@ma2teo Happy to help.
Please do post back here if you find a good solution. I’m sure others have similar needs.