Document toolboxDocument toolbox

EST support in Certificate Manager

This article describes the support for the Enrollment over Secure Transport (EST) protocol in Smart ID Certificate Manager via Protocol Gateway. 

The Enrollment over Secure Transport (EST) is a cryptographic protocol that describes an X.509 certificate management protocol targeting Public Key Infrastructure (PKI) clients that need to acquire key pairs, client certificates and associated Certification Authority (CA) certificates over https. Example of functions are initial certificate enrollment, certificate renewal, and CA rollover. EST is defined in RFC 7030. See also Example: EST configuration in Protocol Gateway.

EST endpoints

The EST service is compliant with the EST specification and supports the following endpoints: 

endpoint

Operation

endpoint

Operation

/cacerts

CA Certificates request and response

/simpleenroll

Simple enrollment and re-enrollment of Clients with response

/simplereenroll

Simple enrollment and re-enrollment of Clients with response

/fullcmc

Full Certificate Management over CMS (CMC) request and response

/csrattrs

Server-side key generation request and response with symmetric and asymmetric private key encryption

/serverkeygen

Certificate Signing Request (CSR) attributes request and response

For more information on client authentication and preregistration, see Authentication and preregistration for EST. 

For details on the EST protocol, see https://tools.ietf.org/html/rfc7030. 

EST support in Protocol Gateway
EST support in Protocol Gateway

The default configuration for EST and the CoAP proxy is included in est.properties and coap.properties. 

CoAP Proxy

Related information



Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions