Enrollment protocols
Certificate enrollment or management protocols allow clients and devices to communicate directly with your private CA for certificate enrollment, renewal, and other advanced actions.
DigiCert® Private CA supports several industry-standard enrollment protocols that enable secure and automated certificate issuance.
These include:
- Simple Certificate Enrollment Protocol (SCEP): Commonly used to automate certificate enrollment for devices and network systems.
- Enrollment over Secure Transport (EST) protocol: Provides secure enrollment and renewal of certificates over HTTPS.
- Certificate Management Protocol (CMP): Supports advanced certificate management operations for complex PKI environments.
These protocols are implemented according to their respective IETF RFC specifications. This ensures interoperability with a wide range of enterprise systems, routers, and IoT devices that follow these standards.
Actions supported by each protocol:
| Protocol | Enroll | Renew | Revoke |
|---|---|---|---|
| SCEP | Yes | Yes | Not supported by the protocol. Revoke directly in DigiCert Private CA or through its APIs. |
| EST | Yes | Yes | Not supported by the protocol. Revoke directly in DigiCert Private CA or through its APIs. |
| CMP | Yes | Yes | Yes |
Each protocol enables devices, routers, and management systems to request and manage end-entity certificates using the protocol natively supported by the client.
When a client connects through one of these protocols, DigiCert Private CA uses a profile to determine how certificates are issued and managed.