Adding EST endpoints

Add an EST endpoint

  1. Navigate to Enrollment > EST.

  2. Click the Add icon.

  3. In the Create Enrollment Endpoint dialog, provide a name to help identify the endpoint.

  4. Select the type of certificate to be issued through the endpoint.

  5. Click Next.

  6. Complete the Details tab based on the information provided in the following table.

    Field Description

    URI Extension

    The URI extension used to create a unique URL for the endpoint that EST clients will use to connect to the SCM EST server.

    The URL is shown automatically below the URI Extension field. Use this URL in the EST client configuration so that the client can reach the EST server.

    Organization

    The organization associated with the endpoint.

    The organization cannot be changed once the endpoint is created.

    Department

    The department associated with the endpoint.

    The department cannot be changed once the endpoint is created.

    Profile

    The certificate profile used when enrolling certificates through the endpoint.

    Automatically approve certificate requests

    When selected, certificate requests are automatically approved when requested through the endpoint.

    CAs

    When the issuer CA cannot be determined from the certificate profile, a CA must be selected to provide a CA certificate to the EST client when requested.

  7. Complete the Authentication tab based on the information provided in the following table.

    Field Description

    Username/Password

    The username and password used to authenticate the EST client. The password is mandatory when certificate authentication is not in use.

    The username is optional.

    Enable Certificate Authentication

    When selected, certificate requests are automatically approved without needing administrator approval in SCM. This overrides any approval requirements configured in the certificate profile.

    Authentication Certificate Issuer

    One or more issuer certificates in .pem format, used to validate the EST client certificate during authentication.

    Certificate Revocation Check

    How the EST endpoint should check the EST client certificate revocation status.

    The possible values are:

    • None — No revocation check is performed.

    • Certificate Revocation List — The endpoint checks the EST client certificate against the Certificate Revocation List (CRL).

    • Online Certificate Status Protocol — The endpoint checks the revocation status of the EST client certificate using the Online Certificate Status Protocol (OCSP).

    • Auto — The endpoint automatically selects the best method to check revocation based on the EST client certificate.

  8. Click Save.
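
An added example, not part of the original page or the vendor's tooling: a shell sketch of how an EST client could use the endpoint URL with either of the two authentication modes configured above. It assumes the RFC 7030 operation names (cacerts, simpleenroll) are appended to the URL shown below the URI Extension field, that responses are base64 PKCS#7 as in RFC 7030, and that curl and openssl are installed; the EST_* variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. EST_URL, EST_USER, EST_PASS, EST_CLIENT_CERT
# and EST_CLIENT_KEY are hypothetical variable names set by the operator.

# Append an RFC 7030 operation name (cacerts, simpleenroll) to the endpoint URL.
est_op_url() {
  printf '%s/%s\n' "${1%/}" "$2"
}

# Print curl authentication arguments, one per line. A client certificate is
# used when configured; otherwise a password is required (username optional).
est_auth_args() {
  if [ -n "${EST_CLIENT_CERT:-}" ] && [ -n "${EST_CLIENT_KEY:-}" ]; then
    printf '%s\n' --cert "$EST_CLIENT_CERT" --key "$EST_CLIENT_KEY"
  elif [ -n "${EST_PASS:-}" ]; then
    printf '%s\n' --user "${EST_USER:-}:${EST_PASS}"
  else
    echo "set EST_CLIENT_CERT and EST_CLIENT_KEY, or EST_PASS" >&2
    return 1
  fi
}

# Decode a base64 PKCS#7 certs-only response on stdin into PEM file $1.
est_p7_to_pem() {
  tr -d '\r\n' | openssl base64 -d -A |
    openssl pkcs7 -inform DER -print_certs -out "$1"
}

# Fetch the CA certificates served by the endpoint.
est_cacerts() {   # usage: est_cacerts OUT.pem
  curl --fail --silent --show-error "$(est_op_url "$EST_URL" cacerts)" |
    est_p7_to_pem "$1"
}

# Create a key and CSR, submit the CSR, and save the issued certificate.
est_enroll() {    # usage: est_enroll COMMON_NAME KEY_OUT.pem CERT_OUT.pem
  est_cn=$1 est_key=$2 est_cert=$3
  est_auth=$(est_auth_args) || return 1
  set --
  while IFS= read -r est_arg; do set -- "$@" "$est_arg"; done <<EOF
$est_auth
EOF
  # Key type is an assumption; match what the endpoint's profile allows.
  (umask 077; openssl req -new -newkey rsa:2048 -nodes -keyout "$est_key" \
      -subj "/CN=$est_cn" -outform DER 2>/dev/null) | openssl base64 -A |
    curl --fail --silent --show-error "$@" \
      -H 'Content-Type: application/pkcs10' \
      -H 'Content-Transfer-Encoding: base64' --data-binary @- \
      "$(est_op_url "$EST_URL" simpleenroll)" | est_p7_to_pem "$est_cert"
}
```

An RFC 7030 server may answer a request that is still waiting for approval with HTTP 202 and a Retry-After header instead of a certificate; this sketch does not retry.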