Enrollment over Secure Transport

EST has been put forward as a replacement for SCEP because it is easier to implement on devices that already have an HTTPS stack.

EST uses HTTPS as transport and leverages TLS for many of its security attributes.

EST defines standardized URLs and uses the well-known Uniform Resource Identifiers (URIs) definition codified in RFC 5785.

EST has the following set of operations:

The basic functions of EST were designed to be easy to use; although EST is not a REST API, it can be used in a REST-like manner with simple tools such as OpenSSL and cURL.

A simple command to perform initial enrollment with a pre-generated PKCS#10 Certificate Signing Request (stored as device.b64), using one of the authentication mechanisms (username:password) specified in EST, is:

    curl -v --cacert ManagementCA.cacert.pem --user username:password \
         --data @device.b64 -o device-p7.b64 \
         -H "Content-Type: application/pkcs10" \
         -H "Content-Transfer-Encoding: base64" \
         https://hostname.tld/.well-known/est/simpleenroll

The issued certificate, returned as a Base64-encoded PKCS#7 message, is stored as device-p7.b64.
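The OpenSSL steps on either side of that request, as an added example that is not part of the original page: creating device.b64, unpacking device-p7.b64 into PEM, and checking that the issued certificate carries the device's own public key. The file names device.key and device.pem, the subject, and the `constructed_response` helper (a self-signed stand-in for a server reply, for offline testing only) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): OpenSSL steps around the
# simpleenroll request. device.key, device.pem and the subject are assumed names.

# Create a key pair and a PKCS#10 CSR, stored as Base64-encoded DER (device.b64).
make_csr() {  # $1 = key file, $2 = CSR file, $3 = subject
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -subj "$3" \
        -outform DER -out "$2.der" 2>/dev/null &&
    openssl base64 -in "$2.der" -out "$2" &&
    rm -f "$2.der"
}

# Decode the Base64 PKCS#7 response and write the certificates it carries as PEM.
unpack_p7() {  # $1 = response file (device-p7.b64), $2 = PEM output
    openssl base64 -d -in "$1" -out "$1.der" &&
    openssl pkcs7 -inform DER -in "$1.der" -print_certs -out "$2" &&
    rm -f "$1.der"
}

# Succeed only if the first certificate in $2 carries the public key of $1.
# The PEM public keys are compared directly; any read failure counts as a mismatch.
key_matches_cert() {  # $1 = key file, $2 = certificate PEM
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Constructed stand-in for a server response, for offline testing only:
# a self-signed certificate for key $1, wrapped as Base64 certs-only PKCS#7.
constructed_response() {  # $1 = key file, $2 = response file
    openssl req -x509 -new -key "$1" -subj "/CN=constructed-test" -days 1 \
        -out "$2.crt" 2>/dev/null &&
    openssl crl2pkcs7 -nocrl -certfile "$2.crt" -outform DER -out "$2.der" &&
    openssl base64 -in "$2.der" -out "$2" &&
    rm -f "$2.crt" "$2.der"
}
```

Run `make_csr device.key device.b64 "/CN=device-01"` before the curl command, then `unpack_p7 device-p7.b64 device.pem` and `key_matches_cert device.key device.pem` after it.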