Enrollment over Secure Transport

Document Type Replaced Internet-Draft (individual)
Author Max Pritikin 
Last updated 2012-01-12 (latest revision 2011-07-11)
Replaced by RFC 7030
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-pkix-est
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document specifies a protocol for certificate Enrollment over Secure Transport (EST). EST is a certificate enrollment protocol that operates over HTTPS, and thus should be trivially accessible by modern clients. The Certificate Management over CMS (CMC) "Simple PKI Request" and "Simple PKI Response" messages are leveraged. EST is designed to be easily implemented by clients and servers running other common enrollment mechanisms such as Simple Certificate Enrollment Protocol (SCEP). Renewal and rekey mechanisms are described consistent with Certificate Management Protocol (CMP).


Max Pritikin (pritikin@cisco.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)