Scep
These scenarios show how to configure the SCEP protocol to retrieve certificates from a PKI server.
Test SCEP Protocol With Linux PKI
Description
In this scenario, the SCEP protocol is used to retrieve digital certificates (X509) from a Linux PKI server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 192.168.212.0/22 next-hop 10.215.168.1 set system certificate scep csr CSR cgi-path /scep set system certificate scep csr CSR cipher aes set system certificate scep csr CSR digest sha256 set system certificate scep csr CSR distinguished-names CN=MyUserCert set system certificate scep csr CSR encrypted-password U2FsdGVkX18trrswYN5fbVPFoKl7AOtOlJwKqkNhFOg= set system certificate scep csr CSR port 8080 set system certificate scep csr CSR url 'http://10.215.168.1' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.146 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.146/0.146/0.146/0.000 ms
Step 3: Run command pki scep show CSR at DUT0 and check if output matches the following regular expressions:
ca\s+Valid usercert\s+ValidShow output
------------------------------------------------------------------------------------------------- Certificate Status Usage NotBefore NotAfter ------------------------------------------------------------------------------------------------- ca Valid Encipherment & Signature Apr 16 09:19:39 2025 GMT Apr 11 09:19:39 2045 GMT usercert Valid - Mar 20 14:01:08 2026 GMT Mar 20 14:01:08 2027 GMT
Step 4: Run command pki show certificate running://auth/certificates/scep/CSR/ca/ca.der at DUT0 and check if output contains the following tokens:
Subject: CN = Teldat-PKI, O = Teldat, L = Madrid, C = ESShow output
Certificate: Data: Version: 3 (0x2) Serial Number: 7c:28:60:8a:6f:42:5d:c8:44:f0:10:0d:61:e5:ca:40:11:bc:ea:f2 Signature Algorithm: sha256WithRSAEncryption Issuer: CN = Teldat-PKI, O = Teldat, L = Madrid, C = ES Validity Not Before: Apr 16 09:19:39 2025 GMT Not After : Apr 11 09:19:39 2045 GMT Subject: CN = Teldat-PKI, O = Teldat, L = Madrid, C = ES Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:de:b7:3b:d9:9b:e3:d3:57:9b:b0:33:67:c0:40: 4f:45:84:ea:c2:35:a6:08:3b:3a:fd:6d:fa:d7:2b: 3d:7f:1c:a1:92:15:08:8b:5c:02:ec:6a:66:46:c5: 6f:7f:9b:9d:c3:86:e1:97:47:9b:5e:ea:96:5b:bf: 68:35:96:4f:6e:64:c6:7d:f6:da:6b:f9:bf:98:b1: 32:63:ae:f4:5b:2f:cd:6d:d7:ef:db:01:12:b0:a4: 54:95:6e:e8:84:4a:0a:f1:13:83:13:a1:7a:1d:f4: 06:3f:e3:53:5d:9f:68:a1:a0:5c:51:05:ba:8c:da: 00:11:64:4b:e8:37:c3:70:43:9c:16:dd:46:fb:34: e4:3c:ae:a4:9a:a1:da:cf:a1:f5:93:13:a6:0e:68: 51:31:f7:26:63:a3:8b:47:c3:94:e4:34:d2:b0:36: cf:22:e5:81:dd:a4:01:e8:79:08:37:ad:7a:b9:da: 24:37:cc:53:f4:51:f8:b5:67:09:15:63:52:60:7f: b0:e2:f0:38:cd:3c:13:42:81:5f:e2:dd:e2:c5:37: f3:ef:05:8c:85:2f:2a:0a:f4:94:2f:70:56:7f:7d: a9:f6:ca:69:0b:a7:40:e1:fa:bc:f0:f4:01:7a:76: 55:f4:2a:57:43:8b:f1:87:58:f2:f4:db:23:26:33: f8:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: D3:97:2E:56:37:6A:89:77:01:D4:E3:42:0D:EC:E7:10:79:9C:E8:7C X509v3 Authority Key Identifier: keyid:D3:97:2E:56:37:6A:89:77:01:D4:E3:42:0D:EC:E7:10:79:9C:E8:7C DirName:/CN=Teldat-PKI/O=Teldat/L=Madrid/C=ES serial:7C:28:60:8A:6F:42:5D:C8:44:F0:10:0D:61:E5:CA:40:11:BC:EA:F2 X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Key Usage: critical Digital Signature, Key Encipherment, Certificate Sign, CRL Sign Signature Algorithm: sha256WithRSAEncryption Signature Value: 5e:0d:47:96:a2:24:38:fa:62:5b:0c:c2:4e:59:23:79:40:1b: 88:d1:63:11:0b:ce:bc:63:46:cd:70:33:52:75:4b:85:c1:39: be:3c:ce:7c:66:53:63:b4:39:07:ec:ef:52:fe:fa:dc:c1:fb: e4:51:61:28:58:4f:90:71:83:50:7d:62:a9:16:fa:45:89:08: 5f:39:43:6a:b1:bb:ad:4e:6f:50:bc:07:4f:1c:5b:07:df:63: ec:44:20:48:b6:97:00:e2:9d:8e:42:9e:96:5f:71:7a:43:96: de:fd:66:6b:45:85:5d:e4:dc:bf:e9:34:64:4f:3a:7b:33:a0: 54:80:3b:9a:5b:1f:3f:3f:1c:09:a3:8e:d8:b6:2a:ba:b2:07: 87:fa:0f:a5:69:41:06:b1:14:6f:09:4f:bb:88:60:87:70:83: 31:73:ed:2a:03:ca:3c:19:0a:b2:24:61:c6:ce:09:97:ac:6e: da:cb:47:88:c5:f5:a7:74:d2:96:e0:cc:c3:b6:b7:f6:64:9f: ad:1c:7f:36:fd:39:7c:57:54:a5:e9:8a:82:90:4d:cd:74:99: 27:4d:f6:62:a6:96:c5:6e:d3:02:ec:c1:4d:5f:46:b6:82:75: 12:61:d7:a3:d6:70:f6:35:9d:9c:30:06:84:af:b2:cb:a5:a0: 5e:d3:1d:6c
Step 5: Run command pki show certificate running://auth/certificates/scep/CSR/user/cert at DUT0 and check if output contains the following tokens:
Subject: CN = MyUserCertShow output
Certificate: Data: Version: 3 (0x2) Serial Number: 8 (0x8) Signature Algorithm: sha256WithRSAEncryption Issuer: CN = Teldat-PKI, O = Teldat, L = Madrid, C = ES Validity Not Before: Mar 20 14:01:08 2026 GMT Not After : Mar 20 14:01:08 2027 GMT Subject: CN = MyUserCert Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:89:12:3f:05:67:f8:4e:f5:73:78:3a:89:70:01: 72:f6:ad:80:c9:fd:a4:65:8c:18:86:77:36:13:57: be:25:1b:87:7e:d4:42:c4:51:aa:02:74:63:a9:35: 32:1b:1e:41:c4:06:1c:e6:9c:68:1e:0c:30:d5:86: e7:1e:de:12:83:5c:88:39:13:1d:58:86:92:a6:aa: 6a:9e:e3:bb:45:cc:9d:59:7e:54:ff:ee:4d:86:7c: 33:b6:46:c5:83:79:0f:34:39:a5:ed:6e:1a:69:5a: 74:c4:79:0c:c4:78:1d:a9:4e:f3:90:4e:23:3f:35: e8:af:6e:41:94:6c:58:35:e8:1f:52:59:e9:ee:ae: e6:89:c6:c0:9a:f2:90:bf:84:54:0f:43:71:ae:f2: 08:c1:b4:6c:15:43:38:8a:3d:6d:6c:2f:d6:19:2e: 97:f5:9b:99:5b:a9:f0:0b:37:4a:5b:e1:9e:1c:67: c2:3d:78:51:d0:71:5e:3d:bc:75:7c:2e:8b:c8:e6: 3a:44:9e:cc:41:58:0b:65:99:1f:7e:c5:75:55:f5: 44:1b:66:ea:9b:72:f0:93:7c:09:71:0b:76:d4:a2: 8e:a4:35:fa:be:64:80:16:ce:fa:3a:84:7d:b3:41: 7a:3e:1b:b0:cf:34:dd:d4:70:68:91:d4:e5:e2:40: 01:8b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Client Authentication X509v3 Subject Key Identifier: CE:7B:F0:99:DB:C2:09:6A:F2:8D:D9:07:E1:89:70:61:E1:AD:DB:22 X509v3 Authority Key Identifier: D3:97:2E:56:37:6A:89:77:01:D4:E3:42:0D:EC:E7:10:79:9C:E8:7C Signature Algorithm: sha256WithRSAEncryption Signature Value: 5b:7c:66:43:51:68:cd:57:08:09:cd:fa:47:71:c2:48:b0:60: 78:1e:6c:3e:77:c7:29:e8:30:3b:9a:cc:b6:76:75:28:c5:16: ae:34:ea:21:ad:1c:dc:b0:66:d8:89:c9:b4:31:84:c7:60:38: f1:b2:65:0c:f1:c0:a8:b8:1e:1d:72:aa:17:66:a3:86:05:0f: 96:2b:d7:df:f3:55:90:e1:43:86:1f:13:4b:e3:88:c9:f7:0f: 74:22:d9:31:1c:62:02:6d:db:af:95:17:a2:a3:e8:88:0f:25: a5:8b:41:91:10:78:43:62:1d:c6:22:44:00:58:0b:1f:23:93: bf:98:c0:15:b2:50:f0:43:57:95:e7:12:55:cd:48:5a:c2:7c: 32:86:6a:ce:8f:a2:e7:e3:27:c9:7c:0a:89:63:28:32:8c:bb: 3a:a8:be:07:d1:45:cd:7e:5d:f0:ba:a1:e8:30:a2:8c:54:9f: 60:4b:cb:94:35:25:15:a2:7e:37:7e:41:05:cf:56:29:63:14: e8:d6:0f:a2:2f:8b:e8:20:9b:8e:1a:e9:f5:f8:4f:a2:7b:cd: 6d:1e:ad:e0:fa:23:5c:97:11:12:ab:eb:84:20:ba:a7:23:71: 64:a4:c9:b0:b3:b3:b5:a2:b7:5e:42:7c:e1:1c:a2:6c:87:59: 5d:64:8f:70
Test SCEP Protocol With Windows Server PKI
Description
In this scenario, the SCEP protocol is used to retrieve digital certificates (X509) from a Windows PKI server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 192.168.212.0/22 next-hop 10.215.168.1 set system certificate scep csr CSR cgi-path CertSrv/mscep/mscep.dll/pkiclient.exe set system certificate scep csr CSR distinguished-names CN=MyUserCert set system certificate scep csr CSR encrypted-password U2FsdGVkX1+MlMdFZLxwNRa/8AjRy/6YS0Xebj9LKqpeH/vUIgRQsKkWlDHvC8Us0EHY1UpNTJkZ4NsyA02kJQ== set system certificate scep csr CSR url 'http://192.168.213.25/' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.140 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.140/0.140/0.140/0.000 ms
Step 3: Ping IP address 192.168.213.25 from DUT0:
admin@DUT0$ ping 192.168.213.25 count 1 size 56 timeout 1Show output
PING 192.168.213.25 (192.168.213.25) 56(84) bytes of data. 64 bytes from 192.168.213.25: icmp_seq=1 ttl=126 time=0.489 ms --- 192.168.213.25 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.489/0.489/0.489/0.000 ms
Step 4: Run command pki scep show CSR at DUT0 and check if output matches the following regular expressions:
ca\s+Valid usercert\s+ValidShow output
------------------------------------------------------------------------------------- Certificate Status Usage NotBefore NotAfter ------------------------------------------------------------------------------------- ca Valid Signature Jan 9 09:34:41 2026 GMT Jan 9 09:44:41 2056 GMT ra Valid Encipherment Jan 9 09:37:26 2026 GMT Jan 9 09:37:26 2028 GMT ra-2 Valid Signature Jan 9 09:37:25 2026 GMT Jan 9 09:37:25 2028 GMT usercert Valid - Mar 20 13:31:56 2026 GMT Mar 20 13:41:56 2028 GMT
Step 5: Run command pki show certificate running://auth/certificates/scep/CSR/ca/ca.der at DUT0 and check if output contains the following tokens:
Subject: DC = com, DC = scep, CN = scep-TELDATPKI-CAShow output
Certificate: Data: Version: 3 (0x2) Serial Number: 2e:aa:77:9e:fd:8d:47:8d:42:5f:96:57:64:8a:da:d1 Signature Algorithm: sha256WithRSAEncryption Issuer: DC = com, DC = scep, CN = scep-TELDATPKI-CA Validity Not Before: Jan 9 09:34:41 2026 GMT Not After : Jan 9 09:44:41 2056 GMT Subject: DC = com, DC = scep, CN = scep-TELDATPKI-CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:be:22:9c:cd:53:99:06:1b:31:57:cd:72:1b:d7: 5d:99:b4:e2:e1:88:80:d4:40:53:49:be:ff:e0:5b: 8b:41:8c:96:e8:99:cd:19:ab:98:4c:99:77:ad:01: fc:51:cf:ea:d8:43:fc:5b:d2:dd:b5:05:04:ae:01: 28:e9:53:5d:bb:d2:65:71:d9:69:3c:04:4d:6b:6e: 8b:95:92:e4:e7:84:57:90:b3:5e:1f:76:34:7f:15: e2:fb:c0:78:bb:ec:a5:be:2f:33:9e:98:06:f1:4c: 1f:cc:ee:85:c2:f1:8f:3c:23:52:a2:94:af:0e:b8: d2:e3:0c:b7:07:49:b9:91:87:3e:76:89:61:f0:88: 4c:2f:da:6b:b9:75:93:6e:e4:e2:f1:19:48:00:f7: af:1b:70:19:15:2b:30:b3:78:24:dc:14:c4:e8:a0: 61:f9:68:09:7d:e9:3e:6f:e0:a3:44:d5:43:f8:78: aa:5f:a8:7a:3a:7c:2c:4e:21:69:24:be:2f:cb:57: bd:60:e8:b9:a5:3b:ad:0c:7b:d9:8d:82:3e:13:96: 8b:59:5a:2b:ec:b6:63:33:21:69:a5:30:b6:bb:84: e9:80:8d:db:3c:94:f7:52:05:76:6a:ed:d6:03:24: d8:97:46:a4:15:41:4d:17:98:7d:20:64:ac:fb:e9: 30:1d Exponent: 65537 (0x10001) X509v3 extensions: 1.3.6.1.4.1.311.20.2: ...C.A X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 18:DA:43:2C:11:47:FC:1A:DA:19:D4:6C:8B:2D:58:AA:75:ED:17:94 1.3.6.1.4.1.311.21.1: ... Signature Algorithm: sha256WithRSAEncryption Signature Value: 3b:f8:53:b9:17:78:98:fa:4a:63:a8:5b:57:bc:f6:67:d8:47: 48:8a:22:2f:d8:39:22:44:c9:f8:aa:fd:e8:81:13:c4:5f:9b: b2:72:0a:35:b1:0c:64:ff:ff:89:05:f0:d7:2a:e4:5f:da:6b: 7b:90:88:5e:6c:77:e5:17:83:19:43:10:35:f8:b5:e3:b8:b5: 16:c1:79:5e:cc:71:00:91:6a:aa:b7:7e:e8:35:99:b3:74:c1: b7:d9:93:8c:6b:4e:64:5a:0a:aa:09:ce:00:d6:f2:f0:f6:87: ec:cd:dc:d0:07:d5:cb:6d:7f:34:72:80:7b:8c:71:f3:d8:f6: a4:38:45:0e:19:79:bd:07:d6:91:a0:4f:4f:2e:55:f1:ca:f7: f3:b1:94:33:7b:f0:76:2b:10:d6:9b:49:ef:96:83:f3:f5:2e: b3:c4:48:13:2f:19:f3:18:7f:4c:7a:09:79:3b:52:94:d9:86: 65:58:32:34:ba:89:6e:54:99:ab:12:7b:f5:3d:61:f3:39:22: 08:ef:7b:77:ba:95:7e:8e:ca:51:4d:80:45:2b:43:d8:b1:37: fb:0c:69:7a:c8:5c:dc:4c:16:5f:a1:09:5c:d6:85:ed:93:76: fa:56:67:fe:fc:97:3c:8d:f8:3c:39:d7:31:07:e6:69:42:3d: 3d:d2:86:1e
Step 6: Run command pki show certificate running://auth/certificates/scep/CSR/user/cert at DUT0 and check if output contains the following tokens:
Subject: CN = MyUserCertShow output
Certificate: Data: Version: 3 (0x2) Serial Number: 11:00:00:0f:24:3f:a7:dc:0a:ca:64:57:bf:00:00:00:00:0f:24 Signature Algorithm: sha256WithRSAEncryption Issuer: DC = com, DC = scep, CN = scep-TELDATPKI-CA Validity Not Before: Mar 20 13:31:56 2026 GMT Not After : Mar 20 13:41:56 2028 GMT Subject: CN = MyUserCert Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b6:24:42:21:a0:2c:8c:cc:ff:12:05:3a:4d:62: e4:ab:8c:d6:9a:6c:c3:71:50:6f:d0:d1:7a:ec:59: df:bd:49:3f:e2:32:22:5e:7c:60:5b:27:cd:49:f5: 73:e6:19:c8:af:a3:cc:78:02:e8:30:76:69:c6:58: 0b:4e:d4:8d:cd:1a:a3:db:db:40:77:55:7b:b7:ef: 64:78:aa:fe:74:53:94:77:9d:85:84:62:e6:11:55: 32:9d:fb:75:65:9d:1f:95:24:59:c4:fb:f5:61:63: 88:89:0b:c8:42:36:be:80:7a:d1:9c:9a:c0:18:c4: 7a:d8:44:bd:03:df:29:df:9b:ac:78:3c:6a:33:a9: cb:1a:fe:b5:73:15:be:a0:d9:90:f8:e0:bf:26:62: d0:a8:c4:26:77:c4:fc:6a:60:64:c6:6c:c6:fa:b2: 8b:1d:f4:a5:28:bb:de:b0:94:f2:d2:30:1c:b2:28: 54:dc:d7:7e:67:9f:d5:86:00:cb:ec:ce:2c:c9:c7: f8:82:05:3b:fc:a3:37:10:2f:27:03:89:fe:89:0c: 26:67:ca:a5:e5:20:71:39:d7:1f:86:72:42:64:81: 39:1e:db:d8:5b:7d:3f:2e:67:2f:3f:69:b5:25:fa: 43:8f:3a:df:69:63:16:12:f1:b9:14:49:36:32:bc: 7c:cb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 70:C4:DA:2E:2D:47:4C:C7:0A:3C:BE:4C:C2:21:E4:4A:FA:FE:69:96 X509v3 Authority Key Identifier: 18:DA:43:2C:11:47:FC:1A:DA:19:D4:6C:8B:2D:58:AA:75:ED:17:94 X509v3 CRL Distribution Points: Full Name: URI:ldap:///CN=scep-TELDATPKI-CA,CN=TeldatPKI,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=scep,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint Authority Information Access: CA Issuers - URI:ldap:///CN=scep-TELDATPKI-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=scep,DC=com?cACertificate?base?objectClass=certificationAuthority X509v3 Key Usage: critical Digital Signature, Key Encipherment, Data Encipherment 1.3.6.1.4.1.311.21.7: 0..&+.....7.....3......./...(...f<...[...]..d... X509v3 Extended Key Usage: 1.3.6.1.4.1.311.20.1, Microsoft Encrypted File System, Code Signing, Any Extended Key Usage, TLS Web Server Authentication, Signing KDC Response, TLS Web Client Authentication, 1.3.6.1.4.1.311.21.5, 1.3.6.1.4.1.311.20.2.1, 1.3.6.1.5.5.8.2.2 1.3.6.1.4.1.311.21.10: 0y0...+.....7..0.. +.....7 ..0 ..+.......0...U.%.0 ..+.......0...+......0 ..+.......0...+.....7..0.. +.....7...0 ..+....... S/MIME Capabilities: 050...*.H.. ......0...*.H.. ......0...+....0 ..*.H.. .. Signature Algorithm: sha256WithRSAEncryption Signature Value: 29:dc:08:57:93:d4:a1:f5:db:f0:28:0c:9f:36:e4:da:2f:0c: bc:66:6c:b8:41:f9:e1:be:5f:5c:a2:b3:4c:eb:1f:dd:02:db: 64:ca:7d:a5:5d:e8:2c:88:f5:9c:23:c2:00:d8:11:03:c2:db: c9:7e:95:94:2f:55:14:4b:38:f4:9d:fe:9b:6c:cd:5d:a3:e1: d4:6d:57:37:24:32:03:99:f1:3c:7b:a5:77:a3:e0:6d:4c:ed: 22:26:e9:43:bf:78:e4:fa:66:85:56:6b:9f:c9:ff:2d:7c:7d: 45:d8:31:9c:00:d7:7b:92:f0:7f:5d:f9:44:0f:cb:1d:d3:97: 6c:e0:a7:f4:b2:26:45:62:76:da:6b:7d:84:0e:42:9e:12:60: cf:c7:33:54:50:b1:68:a3:b0:ab:d9:bc:33:27:7c:7b:d3:35: c5:87:49:1b:12:03:db:c1:9d:56:5d:2e:aa:6a:1c:67:aa:b6: 6b:13:38:5d:44:c4:ad:4d:6c:b2:a0:99:cd:f4:46:c2:dc:92: 15:21:44:a8:6a:a5:93:45:d9:d7:24:01:5d:e0:c4:ea:a6:e0: cc:a7:73:7c:a2:47:42:e2:ac:ca:92:39:61:73:70:e6:4e:70: 92:e0:b1:6d:e0:08:23:1b:9e:6b:62:f3:4e:e2:76:4c:cc:f5: 3d:e8:de:8e