EST Client Support
The EST Client Support feature allows you to enable EST (Enrollment over Secure Transport) for all trustpoints while using SSL or TLS to secure transport.
- Finding Feature Information
- Prerequisites for EST Client Support
- Restrictions for EST Client Support
- Information About EST Client Support
- How to Configure EST Client Support
- Configuration Examples for EST Client Support
- Additional References for EST Client Support
- Feature Information for EST Client Support
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for EST Client Support
Restrictions for EST Client Support
Information About EST Client Support
Overview of EST Client Support
The EST Client Support feature allows you to use Enrollment over Secure Transport (EST) as a certificate management protocol for provisioning certificates. SCEP enrollment is already integrated within the PKI component; EST adds a new component that uses SSL or TLS to secure the transport. PKI stores all certificates.
To enable EST support, the EST client is required to authenticate the server during TLS connection establishment. For this authentication, the TLS server may require the client's credentials.
How to Configure EST Client Support
Configuring a Trustpoint to Use EST
Perform this task to configure a trustpoint to use EST (Enrollment over Secure Transport) by enabling the user to use the enrollment profile.
1. enable
2. configure terminal
3. crypto pki profile enrollment label
4. method-est
5. enrollment url url [vrf name]
6. enrollment credential label
7. exit
8. show crypto pki profile
9. show crypto pki trustpoint
DETAILED STEPS
Configuration Examples for EST Client Support
Example: Configuring a Trustpoint to Use EST
The following example shows how to configure a trustpoint to use Enrollment over Secure Transport (EST):
```
crypto pki profile enrollment pki_profile
 method-est
 enrollment url http://www.example.com/BigCA/est/simpleenroll.dll
 enrollment credential test_label
```
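One way to check a saved configuration against the steps of this task, as an added example that is not Cisco's code: the Python below parses each enrollment profile block and lists which of method-est, enrollment url and enrollment credential are absent. The sample config is constructed (lab_profile, its URL and the VRF name MGMT are made up), and the parser assumes subcommands are indented under the profile line, as in saved running-config text.

```python
import re

# Constructed running-config excerpt: pki_profile mirrors the page's example,
# lab_profile is a made-up variant that skips the credential step.
SAMPLE_CONFIG = """\
crypto pki profile enrollment pki_profile
 method-est
 enrollment url http://www.example.com/BigCA/est/simpleenroll.dll
 enrollment credential test_label
!
crypto pki profile enrollment lab_profile
 method-est
 enrollment url http://est.example.net/est/simpleenroll vrf MGMT
!
"""
PROFILE_RE = re.compile(r"^crypto pki profile enrollment (\S+)\s*$")
URL_RE = re.compile(r"^enrollment url (\S+)(?: vrf (\S+))?$")
CRED_RE = re.compile(r"^enrollment credential (\S+)$")

def parse_profiles(config_text):
    """Return {label: settings} for every enrollment profile block."""
    profiles, current = {}, None
    for raw in config_text.splitlines():
        header, line = PROFILE_RE.match(raw), raw.strip()
        if header:
            current = profiles.setdefault(header.group(1), {
                "method_est": False, "url": None, "vrf": None, "credential": None})
        elif current is None or not raw[:1].isspace():
            current = None  # an unindented line ends the profile block
        elif line == "method-est":
            current["method_est"] = True
        elif m := URL_RE.match(line):
            current["url"], current["vrf"] = m.groups()
        elif m := CRED_RE.match(line):
            current["credential"] = m.group(1)
    return profiles

def audit_est_profiles(config_text):
    """Return {label: [missing steps]}; an empty list means none are missing."""
    steps = {"method_est": "method-est not set", "url": "no enrollment url",
             "credential": "no enrollment credential"}
    return {label: [msg for key, msg in steps.items() if not p[key]]
            for label, p in parse_profiles(config_text).items()}

if __name__ == "__main__":
    for label, findings in audit_est_profiles(SAMPLE_CONFIG).items():
        print(label, "->", findings or "all steps present")
```

A missing enrollment credential matters only when the EST server asks for the client's credentials during the TLS handshake, so treat that finding as a prompt to check the server's requirements.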
Additional References for EST Client Support
Related Documents
Related Topic | Document Title |
---|---|
Cisco IOS commands | |
Security commands | |
Standards and RFCs
Standard/RFC | Title |
---|---|
RFC 7030 | Enrollment over Secure Transport |
RFC 2818 | HTTP Over TLS |
RFC 6125 | Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS) |
RFC 2510 | Internet X.509 Public Key Infrastructure Certificate Management Protocols |
RFC 4210 | Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP) |
Technical Assistance
Description | Link |
---|---|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. | http://www.cisco.com/cisco/web/support/index.html |
Feature Information for EST Client Support
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Feature Name | Releases | Feature Information |
---|---|---|
EST Client Support | Cisco IOS XE Release 3.14S | The EST Client Support feature allows you to enable EST (Enrollment over Secure Transport) for all trustpoints while using SSL or TLS to secure transport. The following command was introduced: method-est |