SCEP server and SCEP client

Provisioning and administration of the certificates is handled by an SCEP server that fulfills the usual function of a Certificate Authority (CA) as well as the SCEP functions. This server can, for example, be implemented as a Windows 2003 Server CA by using a special plug-in (mscep.dll). There are also a number of other CA solutions that work with SCEP, such as the open-source solution OpenCA (www.openca.org).

The SCEP extension (mscep.dll, for example) creates an additional instance on the server that processes requests from SCEP clients and forwards them to the actual CA. This instance is referred to as the Registration Authority (RA).

The VPN devices (i.e. the LANCOM VPN Routers) are SCEP clients that attempt to retrieve the necessary certificates from the central server automatically. The SCEP procedure also generally requires the RA (Registration Authority) certificates, which are signed by the CA. For VPN operation, the LANCOM VPN Routers mainly require valid system certificates (device certificates). Any other certificates that may be in use apply only to the SCEP procedure.
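
Because the RA certificates are signed by the CA, an administrator can confirm that an RA certificate really chains to the expected CA before SCEP clients rely on it. The following is an added example, not code from the original page or from LANCOM; it uses the openssl command line with throwaway keys, and the names demo-ca and demo-ra, the file paths and all function names are assumptions.

```shell
# Constructed demo: keys, subjects and paths are throwaway assumptions.

# write_cfg DIR: minimal config so the demo does not depend on the system openssl.cnf.
write_cfg() {
  cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_ra]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
}

# new_ca DIR NAME: self-signed CA certificate DIR/NAME.pem with key DIR/NAME.key.
new_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/demo.cnf" \
    -extensions v3_ca -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# new_ra DIR CA: RA key and request, signed by CA; writes DIR/ra-by-CA.pem.
new_ra() {
  openssl req -newkey rsa:2048 -nodes -config "$1/demo.cnf" -subj "/CN=demo-ra" \
    -keyout "$1/ra.key" -out "$1/ra.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/ra.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -extfile "$1/demo.cnf" -extensions v3_ra \
    -out "$1/ra-by-$2.pem" 2>/dev/null
}

# ra_trusted CA_PEM RA_PEM: succeeds only if RA_PEM was signed by the CA in CA_PEM.
ra_trusted() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: the RA certificate verifies against its issuing CA, but not against a
# look-alike CA with the same name and a different key. Returns 0 if both hold.
demo() {
  demo_a=$(mktemp -d) && demo_b=$(mktemp -d) || return 2
  write_cfg "$demo_a"; write_cfg "$demo_b"
  new_ca "$demo_a" demo-ca && new_ca "$demo_b" demo-ca && new_ra "$demo_a" demo-ca || return 2
  ra_trusted "$demo_a/demo-ca.pem" "$demo_a/ra-by-demo-ca.pem" || return 1
  ! ra_trusted "$demo_b/demo-ca.pem" "$demo_a/ra-by-demo-ca.pem"
}
demo && echo "RA certificate chains to the expected CA only"
```

The look-alike case shows why the check must verify the signature against the CA certificate you hold rather than compare issuer names.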