[3.0.0] - 2025-09-04

MAJOR RELEASE - Complete SCEP PKI Implementation

Full SCEP (Simple Certificate Enrollment Protocol) Server

- PKCS#7 Message Processing: Enterprise-grade PKI operations
  - Complete PKCS#7 parsing and generation using `node-forge` library
  - Full implementation of SCEP PKIOperation endpoint with message validation
  - Proper SCEP response generation with correct content types and error handling
  - Support for enveloped data parsing and certificate signing request extraction
  - Impact: Production-ready SCEP server for automated device certificate enrollment
- Advanced Authentication & Security: Challenge-based enrollment protection
  - Time-based challenge password system with configurable expiration
  - One-time-use challenge validation with automatic cleanup
  - Rate limiting on certificate generation operations
  - Command injection protection for all mkcert CLI operations
  - Impact: Secure device enrollment with enterprise-grade authentication
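
One way the time-limited, one-time-use challenge passwords listed above can work, as an added example that is not this project's code. `ChallengeStore`, its method names, the default TTL and the choice to keep only SHA-256 digests in memory are assumptions of the example.

```javascript
// Added example: in-memory one-time SCEP challenge store (hypothetical names).
const { randomBytes, createHash } = require('node:crypto');

// Keep only a digest of each challenge: a memory dump or debug log then holds
// no usable password, and lookup never compares the secret byte by byte.
const digest = (s) => createHash('sha256').update(String(s), 'utf8').digest('hex');

class ChallengeStore {
  constructor({ ttlMs = 10 * 60 * 1000, now = Date.now } = {}) {
    this.ttlMs = ttlMs;        // configurable expiration
    this.now = now;            // injectable clock (assumption, eases testing)
    this.pending = new Map();  // digest -> expiry timestamp in ms
  }

  // Issue a random challenge; the plaintext is returned exactly once.
  issue() {
    const challenge = randomBytes(24).toString('base64url');
    const expiresAt = this.now() + this.ttlMs;
    this.pending.set(digest(challenge), expiresAt);
    return { challenge, expiresAt };
  }

  // Validate and consume in one step so a replayed enrollment request fails.
  consume(candidate) {
    if (typeof candidate !== 'string' || candidate.length === 0) return 'invalid';
    const key = digest(candidate);
    const expiresAt = this.pending.get(key);
    if (expiresAt === undefined) return 'invalid';
    this.pending.delete(key);  // single use, whether expired or not
    return this.now() < expiresAt ? 'ok' : 'expired';
  }

  // Periodic cleanup of challenges that were issued but never presented.
  sweep() {
    let removed = 0;
    for (const [key, expiresAt] of this.pending) {
      if (this.now() >= expiresAt) { this.pending.delete(key); removed++; }
    }
    return removed;
  }
}
```
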

Complete SCEP Protocol Compliance

- Standard SCEP Operations: Full protocol support
  - `GET /scep?operation=GetCACert` - CA certificate distribution
  - `GET /scep?operation=GetCACaps` - Server capabilities announcement
  - `POST /scep?operation=PKIOperation` - PKCS#7 certificate request processing
  - Proper SCEP message types (PKCSReq, CertRep) with transaction ID tracking
  - Compliance: Supports iOS, macOS, Windows, and other SCEP-compatible clients
- Management API Suite: Complete SCEP administration interface
  - `POST /api/scep/challenge` - Generate challenge passwords with expiration
  - `GET /api/scep/challenges` - List active challenges with status tracking
  - `POST /api/scep/certificate` - Manual certificate generation for testing
  - `GET /api/scep/certificates` - SCEP certificate inventory management
  - `GET /api/scep/config` - Complete SCEP server configuration display
  - Features: Real-time challenge management and certificate lifecycle tracking

Modern Web Interface

- Unified SCEP Management: Professional web-based administration
  - `/scep.html` - Complete SCEP management interface with modern styling
  - Dark/light theme integration matching main application design
  - Real-time challenge password generation and tracking
  - Certificate inventory with creation dates and status indicators
  - SCEP configuration display with copy-paste ready URLs
  - UX: Consistent styling with main certificate manager interface

Technical Infrastructure

- New Dependencies: Enhanced cryptographic capabilities
  - `node-forge@^1.3.1` - PKCS#7 parsing and cryptographic operations
  - `asn1js@^3.0.6` - Additional ASN.1 structure support
  - New utility modules: `src/utils/pkcs7.js` for SCEP message processing
  - Architecture: Modular design with proper separation of concerns
- Comprehensive Documentation: Complete implementation guide
  - Enhanced `SCEP.md` with full protocol documentation and examples
  - Updated `README.md` with SCEP feature highlights and setup instructions
  - API documentation with request/response examples
  - Command-line testing guide for SCEP operations
  - Coverage: Production deployment guide and troubleshooting information

Testing & Validation

- Verified SCEP Operations: Comprehensive endpoint testing
  - CA certificate retrieval functioning with proper PEM format
  - SCEP capabilities correctly listing supported features
  - PKI operation processing PKCS#7 requests with proper error handling
  - Challenge password lifecycle management with expiration tracking
  - Quality: All endpoints tested and verified working correctly

Breaking Changes

- Version Bump: 2.x.x → 3.0.0 due to major feature addition
- New Routes: SCEP endpoints added without affecting existing functionality
- Configuration: New optional SCEP-related environment variables

Migration Guide

- Backward Compatible: All existing certificate management features preserved
- Optional Features: SCEP functionality available without configuration changes
- New Capabilities: Access SCEP management at `/scep.html`