L.1 Certificate Enrollment Protocols

Several options exist for protocols to enrol a certificate with a CA:

  • Simple Certificate Enrollment Protocol (SCEP) is a general-purpose enrollment protocol specified in RFC 8894.
  • Enrollment over Secure Transport (EST) is an enrollment protocol that uses HTTPS as transport and relies on TLS for its security. Due to its reliance on HTTPS, it can be integrated into complex environments requiring the use of proxies. It is specified in RFC 7030.
  • Certificate Management Protocol (CMP) is a complex but flexible enrollment protocol that provides end-to-end security. It is specified in RFC 4210 and RFC 4211.
  • Certificate Management over CMS (CMC) is similar to CMP. It is specified in RFC 5272 and RFC 5273.