Adding EST endpoints

Add an EST endpoint

Navigate to Enrollment EST.
Click the Add icon.
In the Create Enrollment Endpoint dialog, provide a name to help identify the endpoint.
Select the type of certificate to be issued through the endpoint.
Click Next.

Complete the Details tab based on the information provided in the following table.

Field	Description
URI Extension	The URI extension used to create a unique URL for the endpoint that EST clients will use to connect to the SCM EST server. The URL is automatically shown below the URI Extension field. This URL should be used on the EST client configuration so the client can access the EST server.
Organization	The organization associated with the endpoint. The organization cannot be changed once the endpoint is created.
Department	The department associated with the endpoint. The department cannot be changed once the endpoint is created.
Profile	The certificate profile used when enrolling certificates through the endpoint.
Automatically approve certificate requests	When selected, certificate requests are automatically approved when requested through the endpoint.
CAs	When the issuer CA cannot be determined from the certificate profile, a CA must be selected to provide a CA certificate to the EST client when requested.

Field

Description

URI Extension

The URI extension used to create a unique URL for the endpoint that EST clients will use to connect to the SCM EST server.

The URL is automatically shown below the URI Extension field. This URL should be used on the EST client configuration so the client can access the EST server.

Organization

The organization associated with the endpoint.

The organization cannot be changed once the endpoint is created.

Department

The department associated with the endpoint.

The department cannot be changed once the endpoint is created.

Profile

The certificate profile used when enrolling certificates through the endpoint.

Automatically approve certificate requests

When selected, certificate requests are automatically approved when requested through the endpoint.

CAs

When the issuer CA cannot be determined from the certificate profile, a CA must be selected to provide a CA certificate to the EST client when requested.

Complete the Authentication tab based on the information provided in the following table.

Field Description

Field	Description
Username/Password	The username and password used to authenticate the EST client. The password is mandatory when certificate authentication is not in use. The username is optional.
Enable Certificate Authentication	When selected, certificate requests are automatically approved without needing administrator approval in SCM. This overrides any approval requirements configured in the certificate profile.
Authentication Certificate Issuer	One or more issuer certificate(s) in `.pem` format to validate the EST client certificate during authentication.
Certificate Revocation Check	How the EST endpoint should check the EST client certificate revocation status. The possible values are: None — No revocation check is performed. Certificate Revocation List — The endpoint checks the EST client certificate against the Certificate Revocation List (CRL). Online Certificate Status Protocol — The endpoint checks the EST client certificate against the Online Certificate Status Protocol (OCSP). Auto — The endpoint automatically selects the best method to check revocation based on the EST client certificate.

Username/Password

The username and password used to authenticate the EST client. The password is mandatory when certificate authentication is not in use.

The username is optional.

Enable Certificate Authentication

When selected, certificate requests are automatically approved without needing administrator approval in SCM. This overrides any approval requirements configured in the certificate profile.

Authentication Certificate Issuer

One or more issuer certificate(s) in .pem format to validate the EST client certificate during authentication.

Certificate Revocation Check

How the EST endpoint should check the EST client certificate revocation status.

The possible values are:

None — No revocation check is performed.
Certificate Revocation List — The endpoint checks the EST client certificate against the Certificate Revocation List (CRL).
Online Certificate Status Protocol — The endpoint checks the EST client certificate against the Online Certificate Status Protocol (OCSP).
Auto — The endpoint automatically selects the best method to check revocation based on the EST client certificate.

Click Save.