Skip to main content

Configure and test EST

Configure the DigiCert​​®​​ Trust Lifecycle Manager and CA Manager applications to be able to enroll and provision certificates via the Enrollment over Secure Transport (EST) protocol.

Trust Lifecycle Manager’s EST protocol implementation is based on IETF’s RFC7030 EST standard.

  • All operations are submitted over HTTPS.

  • It supports the issuance of both RSA and ECDSA certificates.

  • The EST service supports the following operations/client requests:

    • cacerts: To obtain the CA certificates and establish the trust anchor.

    • simpleenroll: To enroll new end-entity certificates.

    • simplereenroll: To renew existing end-entity certificates.

  • EST client enrollment requests can be authenticated in one of two ways:

    • Enrollment Code: The client must provide a valid enrollment code that was pre-registered in Trust Lifecycle Manager. You can assign enrollment codes to individual clients or configure a global enrollment code to share with all clients.

    • TLS Certificate Auth: The client request must include an authentication certificate signed by a trusted CA configured in Trust Lifecycle Manager. Optionally, you can restrict client access by IP address.