Enrollment protocols
Certificate enrollment or management protocols allow clients and devices to communicate directly with your private CA for certificate enrollment, renewal, and other advanced actions.
DigiCert® Private CA currently supports these protocols for on-premises setups:
Simple Certificate Enrollment Protocol (SCEP)
Enrollment over Secure Transport (EST) protocol
Certificate Management Protocol (CMP)
These protocols are implemented according to their respective IETF RFC specifications. This ensures interoperability with a wide range of enterprise systems, routers, and IoT devices that follow these standards.
Actions supported by each protocol:
Protocol | Enroll | Renew | Revoke |
|---|---|---|---|
SCEP | Yes | Yes | No |
EST | Yes | Yes | No |
CMP | Yes | Yes | Yes |
Each protocol enables devices, routers, and management systems to request and manage end-entity certificates using the protocol natively supported by the client.
When a client connects through one of these protocols, DigiCert Private CA uses a profile to determine how certificates are issued and managed.