Enrollment over secure transport
The Enrollment over Secure Transport (EST) protocol as specified in RFC 7030, Enrollment over Secure Transport, is used to enroll a certificate from a Certificate Authority (CA). SR OS supports the following EST client-side operations:
- download a CA certificate (/cacert)
- enroll a new certificate (/simpleenroll)
- renew an existing certificate (/simplereenroll)
Use the commands in the following context to perform the EST client-side operations. Each operation requires an EST profile which contains the EST configuration:
- MD-CLI
  admin system security pki est
- classic CLI
  admin certificate est
The following option is supported for the SR OS client to authenticate the EST server:
Use the following command to configure the explicit trust anchor (TA) that is referenced in the EST profile.
configure system security tls client-tls-profile trust-anchor-profile
No authentication is performed if this option is not configured.
The following options are supported for the EST server to authenticate the SR OS client:
Use the commands in the following contexts to enable client certificate authentication by configuring the certificate profile name for the client TLS profile referenced in the EST profile.
configure system security tls cert-profile
configure system security tls client-tls-profile
Use the following command to configure HTTP authentication.
- MD-CLI
  configure system security pki est-profile http-authentication
- classic CLI
  configure system security pki est-profile http-auth
Use the following command to configure the trust anchor profile name referenced in the EST profile.
configure system security tls client-tls-profile trust-anchor-profile
No authentication is performed if the preceding options are not configured.
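As an added example (not SR OS code or configuration), the following Python client shows the three EST operations listed above and the two authentication directions described in this section: the request layout from RFC 7030 (which names the CA certificate operation /cacerts), HTTP Basic credentials matching the http-authentication option, a client certificate and key standing in for the cert-profile, and a TLS context in which the explicit trust anchor alone decides whether the EST server is verified. The sample CSR bytes, the optional label argument and all function names are constructed for this example.

```python
import base64
import http.client
import ssl
from typing import Optional

# Constructed stand-in for a DER-encoded PKCS#10 request (not a real CSR).
SAMPLE_CSR_DER = b"\x30\x82\x01\x00constructed-pkcs10-placeholder"

# RFC 7030 section 4: operation name -> HTTP method.
EST_OPERATIONS = {"cacerts": "GET", "simpleenroll": "POST", "simplereenroll": "POST"}


def est_path(operation: str, label: Optional[str] = None) -> str:
    """Build the RFC 7030 URI path: /.well-known/est[/<label>]/<operation>."""
    if operation not in EST_OPERATIONS:
        raise ValueError(f"unsupported EST operation: {operation}")
    base = "/.well-known/est" + (f"/{label}" if label else "")
    return f"{base}/{operation}"


def build_request(operation: str, csr_der: Optional[bytes] = None,
                  username: Optional[str] = None, password: Optional[str] = None,
                  label: Optional[str] = None):
    """Return (method, path, headers, body) for one EST client operation.

    Enrollment operations carry the CSR as base64 DER with Content-Type
    application/pkcs10; HTTP Basic credentials are attached only when they
    are supplied (the role of the http-authentication option).
    """
    path = est_path(operation, label)
    method = EST_OPERATIONS[operation]
    headers = {"Accept": "application/pkcs7-mime"}
    body = None
    if method == "POST":
        if csr_der is None:
            raise ValueError(f"{operation} requires a PKCS#10 CSR")
        headers["Content-Type"] = "application/pkcs10"
        headers["Content-Transfer-Encoding"] = "base64"
        body = base64.b64encode(csr_der)
    if username is not None:
        token = base64.b64encode(f"{username}:{password or ''}".encode()).decode()
        headers["Authorization"] = "Basic " + token
    return method, path, headers, body


def build_tls_context(trust_anchor_pem: Optional[str] = None,
                      client_cert_pem: Optional[str] = None,
                      client_key_pem: Optional[str] = None) -> ssl.SSLContext:
    """TLS settings mirroring the two authentication directions on the page.

    trust_anchor_pem plays the role of the explicit TA (trust-anchor-profile):
    without it the EST server is not authenticated at all. client_cert_pem and
    client_key_pem play the role of the client cert-profile.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if trust_anchor_pem:
        ctx.check_hostname = True
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_verify_locations(cafile=trust_anchor_pem)
    else:
        # No explicit TA configured: the server's identity is not verified.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    if client_cert_pem:
        ctx.load_cert_chain(certfile=client_cert_pem, keyfile=client_key_pem)
    return ctx


def server_is_authenticated(ctx: ssl.SSLContext) -> bool:
    """True only when the context will reject an untrusted EST server."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def parse_certs_only_response(content_type: str, body: bytes) -> bytes:
    """Decode a base64 application/pkcs7-mime (certs-only) EST response to DER."""
    if not content_type.lower().startswith("application/pkcs7-mime"):
        raise ValueError(f"unexpected EST response type: {content_type}")
    return base64.b64decode(body)


def run_est_operation(host: str, port: int, ctx: ssl.SSLContext,
                      operation: str, **kwargs) -> bytes:
    """Perform one EST operation over TLS (needs a reachable EST server).

    Anything other than 200 is treated as failure; RFC 7030 also allows a
    202 Retry-After for pending enrollments, which is not handled here.
    """
    method, path, headers, body = build_request(operation, **kwargs)
    conn = http.client.HTTPSConnection(host, port, context=ctx)
    try:
        conn.request(method, path, body=body, headers=headers)
        resp = conn.getresponse()
        if resp.status != 200:
            raise RuntimeError(f"EST {operation} failed: {resp.status} {resp.reason}")
        return parse_certs_only_response(resp.getheader("Content-Type", ""), resp.read())
    finally:
        conn.close()
```

A context built with no trust anchor corresponds to the unconfigured case in the text: the TLS session still encrypts, but any server holding a certificate is accepted, so `server_is_authenticated` returns False for it. Pass a CA bundle as `trust_anchor_pem` and, where the server requires it, a certificate and key as `client_cert_pem`/`client_key_pem` to reproduce the fully authenticated exchange.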