Start of change

Using Enrollment over Secure Transport (EST)

Enrollment over Secure Transport (EST) is the successor to Simple Certificate Enrollment Protocol (SCEP), initially sponsored by Cisco. SCEP has not be standardized. EST is standardized by RFC7030, which profiles certificate enrollment for clients using Certificate Management over CMS (CMC) messages over a secure transport (RFC5272 - updated by RFC6402). This protocol aims to provision certificates in a more robust manner than the traditional SCEP. It also supports ECC certificates. Cisco IOS Software and Cisco IOS XE support EST.

PKI Services supports the following EST functions:
  1. cacerts: requests the EST CA certificates (the whole chain of the issuers' certificates) using Simple PKI Request.
  2. simpleenroll: requests a certificate with supplied public key using Simple PKI Request.
  3. simplereenroll : requests a renew or rekey certificate with supplied public key using Simple PKI Request.
End of change