EST support in Certificate Manager
This article describes the support for the Enrollment over Secure Transport (EST) protocol in Smart ID Certificate Manager via Protocol Gateway.
The Enrollment over Secure Transport (EST) is a cryptographic protocol that describes an X.509 certificate management protocol targeting Public Key Infrastructure (PKI) clients that need to acquire key pairs, client certificates and associated Certification Authority (CA) certificates over https. Example of functions are initial certificate enrollment, certificate renewal, and CA rollover. EST is defined in RFC 7030. See also Example: EST configuration in Protocol Gateway.
EST endpoints
The EST service is compliant with the EST specification and supports the following endpoints:
endpoint | Operation |
|---|---|
/cacerts | CA Certificates request and response |
/simpleenroll | Simple enrollment and re-enrollment of Clients with response |
/simplereenroll | Simple enrollment and re-enrollment of Clients with response |
/fullcmc | Full Certificate Management over CMS (CMC) request and response |
/csrattrs | Server-side key generation request and response with symmetric and asymmetric private key encryption |
/serverkeygen | Certificate Signing Request (CSR) attributes request and response |
For more information on client authentication and preregistration, see Authentication and preregistration for EST.
For details on the EST protocol, see https://tools.ietf.org/html/rfc7030.
The default configuration for EST and the CoAP proxy is included in est.properties and coap.properties.
CoAP Proxy
Related information
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions