Enrollment Over Secure Transport or EST Protocol
What is EST (Enrollment Over Secure Transport)?
The Enrollment over Secure Transport protocol or EST is a certificate management protocol that automates the issuance and provisioning of X.509 certificates. The protocol has been defined in RFC 7030 (ratified in 2013) and developed for clients that use public key infrastructure (PKI), such as web servers, applications, and endpoint devices.
The protocol lets PKI clients request certificates from trusted certificate authorities (CAs) and receive them over HTTPS without any human intervention.
What is the purpose of EST?
The main goal of EST is to simplify and secure certificate enrollment. By automating the process, EST helps ensure certificates are correctly configured and deployed at scale. Removing human intervention naturally reduces the risk of misconfigurations and, in turn, the possibility of outages and security compromises. Automating enrollment also frees up time for PKI personnel who would otherwise spend it on the never-ending work of getting certificates issued and provisioned.
How does EST work?
In an enterprise PKI setup, the EST server sits between a client and a certificate authority (CA) and plays the role of a traditional Registration Authority (RA): it receives a certificate signing request (CSR) from a client, validates the client, forwards the request to the corresponding CA, gets the certificate issued, and finally provisions it to the client.
The EST exchange between a client and the EST server (and, behind it, the CA) happens as follows:
- The client hits the server with a request to communicate over TLS. The server responds to the request by presenting its TLS certificate.
- The client checks the certificate to verify the legitimacy of the server. Next, it requests the chain of trust from the server and verifies it, including any intermediate certificates that lie between the root and the EST CA, and stores the root certificate.
- The client generates a key and a CSR and sends the CSR to the server.
- The EST server forwards the CSR to the CA and receives a new certificate. It then sends the newly signed certificate back to the client.
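The client side of the exchange above, written as plain functions (an added example, not code from this page or from any EST implementation): the well-known path, media types, base64 transfer encoding and 200/202 status handling are those specified in RFC 7030, while the CSR bytes used when calling it are constructed placeholders rather than a real PKCS#10 request. The response validator rejects a reply it cannot verify as a certs-only PKCS#7 payload instead of trusting whatever the server returned.

```python
import base64
import re

# RFC 7030 well-known EST path and media types (from the RFC, not from the page)
EST_BASE = "/.well-known/est"
CT_PKCS10 = "application/pkcs10"
CT_PKCS7 = "application/pkcs7-mime"

class EstError(Exception):
    """Raised when an EST response must not be trusted or acted upon."""

def build_cacerts_request():
    """GET /cacerts fetches the CA trust anchors (step 2 above); it has no body."""
    return "GET", f"{EST_BASE}/cacerts", {"Accept": CT_PKCS7}, b""

def build_simpleenroll_request(csr_der, reenroll=False):
    """POST a DER PKCS#10 CSR to /simpleenroll, or /simplereenroll for renewal.
    EST carries the CSR base64-encoded with Content-Transfer-Encoding: base64."""
    endpoint = "simplereenroll" if reenroll else "simpleenroll"
    body = base64.b64encode(csr_der)
    headers = {"Content-Type": CT_PKCS10,
               "Content-Transfer-Encoding": "base64",
               "Content-Length": str(len(body))}
    return "POST", f"{EST_BASE}/{endpoint}", headers, body

def parse_enroll_response(status, headers, body):
    """Validate the server's reply before acting on it.
    Returns ("issued", pkcs7_der) for a 200 certs-only PKCS#7 reply,
    ("pending", seconds) for 202 with a numeric Retry-After, and raises
    EstError otherwise, including for a 200 with an unexpected Content-Type."""
    if status == 202:  # request queued, e.g. awaiting RA/CA approval
        retry = headers.get("Retry-After", "")
        if not retry.isdigit():
            raise EstError("202 without a numeric Retry-After header")
        return "pending", int(retry)
    if status != 200:
        raise EstError(f"enrollment failed with HTTP {status}")
    mime, *params = [p.strip().lower() for p in headers.get("Content-Type", "").split(";")]
    if mime != CT_PKCS7 or any(p.startswith("smime-type=") and p != "smime-type=certs-only"
                               for p in params):
        raise EstError(f"unexpected Content-Type {headers.get('Content-Type')!r}")
    if headers.get("Content-Transfer-Encoding", "").lower() != "base64":
        raise EstError("response body must be base64 encoded")
    try:  # strip base64 line wrapping, then decode strictly (non-alphabet bytes are rejected)
        return "issued", base64.b64decode(re.sub(rb"\s+", b"", body), validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise EstError("response body is not valid base64") from exc
```

The returned PKCS#7 DER still has to be parsed and the issued certificate's chain validated against the trust anchors fetched from /cacerts; that step is outside this block.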
Why is EST better than SCEP?
EST and the Simple Certificate Enrollment Protocol (SCEP) are both protocols used to automate certificate enrollment. EST, however, is the successor to SCEP and therefore more evolved than its predecessor. SCEP has been around since 1990 and is widely used for obtaining X.509 certificates. Yet it is not standardized by the Internet Engineering Task Force (IETF), as it has failed to clear the vetting process. EST, on the other hand, is standardized and highly recommended by the IETF, as it delivers key advantages for today’s complex PKI environments that SCEP does not.
Advantages of EST
- Secure transport: EST requests are always communicated over TLS for secure transport of messages and certificates. Using TLS makes EST inherently secure. There is no further need to encode the messages to maintain integrity as SCEP does. SCEP transports messages over HTTP and requires messages to be enveloped in PkcsPKIEnvelope.
- Secure CSR Authentication: With EST, the certificate signing request (CSR) can be linked to a trusted requestor and authenticated with TLS. The certificate is only issued to the requesting entity that owns the private key. But when using SCEP, the CSR is authenticated using a shared secret between the client and the CA. Using a shared secret introduces security risks as anyone with access to the shared secret can generate certificates for any entity and exploit the trust established by the certificate.
- Cryptographic Agility: Unlike SCEP, EST supports advanced cryptographic algorithms, such as elliptic curve cryptography (ECC) and the Elliptic Curve Digital Signature Algorithm (ECDSA). SCEP doesn’t support ECC because the PKCS #7 methods it uses for data protection rely only on the RSA encryption algorithm. EST’s ability to support more cryptographic algorithms allows organizations to be more crypto-agile in the face of modern threats. EST is also considered computationally more efficient, which favors devices with limited resources.
- Automated certificate renewal: EST supports automatic certificate renewals. Although a recent SCEP draft introduced renewal messages, the messages were not commonly deployed in SCEP implementations. As a result, existing SCEP implementations necessitate considerable upgrades to administration systems to support automated certificate renewal. In other words, renewal is an integral part of EST, while in SCEP, it is rather an addition.
- Server-side key generation: Server-side key generation is essential in resource PKI (RPKI) environments or on constrained devices that cannot generate a sufficiently random private key. SCEP supports private key generation only on the client side, whereas EST also supports generating the private key on the server side as part of an enrollment request.
- Certificate Revocation: EST does not provide a mechanism to retrieve a certificate’s revocation status. However, options, such as Online Certificate Status Protocol (OCSP) and OCSP stapling can be used for revocation. Although SCEP provides a certificate revocation list (CRL) retrieval message so that endpoints can receive the revocation status of a specific certificate, it is not entirely useful as CRLs have been deprecated by Firefox in favor of OCSP.
As the number of machines and applications grows, so does the importance of securing them with PKI-based certificates. EST is an effective mechanism that helps simplify the large-scale management of certificates by building a robust, fast, and secure enrollment process.