Computer technology is continually advancing, resulting in continually evolving uses for computers. One such use is communicating with other computers over a network, such as the Internet, to obtain or exchange information, purchase or sell goods or services, etc. One particular type of communication that can be established is referred to as a “virtual private network” or “VPN”. In a VPN, portions of a network (such as the Internet) are used to establish secure communications from one computer to another via multiple different routers in the network. The VPN allows users to use the larger network (e.g., the Internet) to connect to another computer as if they were part of a dedicated secure network.
In order to operate as part of a VPN, a router enrolls for a VPN certificate via a certificate authority (CA). This VPN certificate is then provided to other routers that are part of the VPN and is used to authenticate the router and may also be used to securely communicate with the other routers. However, different protocols for enrolling for VPN certificates have arisen, many of which are incompatible with one another. For example, many routers available from Cisco Systems, Inc. of San Jose, Calif. use a proprietary protocol called Simple Certificate Enrollment Protocol (SCEP) for obtaining VPN certificates, while many certificate authorities available from Microsoft Corporation of Redmond, Wash. use an incompatible enrollment protocol based on Public-Key Cryptography Standard (PKCS) #10 and PKCS #7. Thus, a router using SCEP would not be able to enroll for a VPN certificate from a CA using PKCS #10 and PKCS #7.
Additionally, many routers and CAs are already manufactured and in use that operate based on such incompatible protocols. Therefore, re-designing such routers or CAs to be compatible with one another would require the replacement of many such pre-existing devices. Thus, it would be beneficial to provide a solution that allows routers and CAs (including pre-existing routers and CAs) operating based on incompatible protocols to communicate with one another for VPN certificate enrollment.
The VPN enrollment protocol gateway described below addresses these and other disadvantages.