There are issues with the enrollment protocols used today to distribute trusted identities to things. The latest standardized certificate enrollment protocol, Enrollment over Secure Transport (EST), solves these problems. “We are happy to announce that we are one of the first in the world to launch server-side support for EST in a commercially available certificate authority (CA) software,” says Martin Furuhed at identity and security company Nexus Group.
PRESS RELEASE 2017-02-07 Things and software need trusted identities to be able to communicate securely and avoid hijacking. The trustworthiness of the identities is ensured by digital certificates, which are obtained either manually or via online services using different certificate enrollment protocols.
“EST offers a more streamlined process and is easier to handle than the certificate enrollment protocols that are used today. EST is also more secure and comprehensive,” says Martin Furuhed, product owner of Nexus Certificate Manager, one of the first commercial CA software’s to provide support for EST.
For example, EST offers re-enrollment for obtaining new client certificates as well as updating of CA certificates, which is important for life-cycle handling of devices and for meeting security requirements for the internet of things (IoT), according to Furuhed.
“We think that EST will become the most widely used protocol for obtaining and renewing certificates,” says Furuhed.
EST was standardized in 2013 as RFC 7030, with Cisco as the main contributor, and Cisco has built a reference implementation for testing purposes.
“EST is perfect for things such as ATMs, surveillance cameras, routers, servers and smart home devices. Now that there are commercial EST servers available, we believe the number of manufacturers that will build client support for EST will grow quickly. It is also possible to incorporate EST support with a firmware upgrade for existing devices,” says Furuhed.