# Supported Protocols (ACME, SCEP, EST etc)

CERTInext supports multiple industry-standard certificate enrollment and automation protocols to enable seamless integration across cloud platforms, DevOps pipelines, network devices, enterprise directories, and legacy systems. These protocols can be configured under:

**Integrations → APIs → + New API Credentials**

When creating new API credentials, users can select the required protocol type from the **API Type** dropdown.

#### ACME (Automated Certificate Management Environment)

ACME enables fully automated certificate issuance and renewal, commonly used for web servers, load balancers, and DevOps environments.

<figure><img src="/files/35Qr2l8EHvQoUG69WXDN" alt=""><figcaption></figcaption></figure>

**Typical Use Cases:**

* Web server automation (Nginx, Apache, IIS)
* Kubernetes ingress controllers
* Cloud-native workloads
* CI/CD pipelines

**Configuration Highlights:**

* Select API Type: **ACME**
* Associate with User, Groups, and Product
* Generate API credentials
* Use ACME client to connect to CERTInext ACME endpoint

ACME supports automated DCV methods such as HTTP-01 and DNS-01, depending on CA configuration.

#### REST API

REST APIs provide programmatic access to certificate lifecycle operations including issuance, renewal, revocation, and reporting.

<figure><img src="/files/RIfpU4M7uO4ZH8YTNTUK" alt=""><figcaption></figcaption></figure>

**Typical Use Cases:**

* Custom application integration
* Enterprise automation platforms
* ITSM workflows
* DevOps orchestration tools

**Authentication Options:**

* Access Key
* OAuth (if enabled)

REST APIs allow granular control over certificate management processes through secure token-based authentication.

#### EST (Enrollment over Secure Transport)

EST is designed for secure certificate enrollment over TLS, commonly used in enterprise-managed environments.

<figure><img src="/files/gx5AugC9U40b53xPvYBP" alt=""><figcaption></figcaption></figure>

**Typical Use Cases:**

* Enterprise device provisioning
* Secure network equipment enrollment
* Managed infrastructure automation

**Configuration Fields:**

* Username and Password
* Associated Product
* Secure HTTPS communication

EST provides mutual authentication and secure CSR submission.

#### SCEP (Simple Certificate Enrollment Protocol)

SCEP enables automated certificate enrollment for network devices and MDM-managed endpoints.

<figure><img src="/files/7qOTIjwkSug1u8xC29DP" alt=""><figcaption></figcaption></figure>

**Typical Use Cases:**

* Mobile Device Management (MDM)
* Routers, firewalls, and network appliances
* Enterprise device onboarding

**Configuration Fields:**

* Shared Secret
* Product selection
* User association

SCEP simplifies large-scale device certificate provisioning.

#### CMP (Certificate Management Protocol)

CMP supports enterprise-grade certificate lifecycle management with strong authentication controls.

<figure><img src="/files/cyHXoc2CmrY7fL2yKSRo" alt=""><figcaption></figcaption></figure>

**Typical Use Cases:**

* Telecom environments
* Large-scale enterprise PKI deployments
* High-security automation environments

**Configuration Fields:**

* Authentication Name
* Shared Secret
* Product selection

CMP enables advanced certificate request validation and secure lifecycle operations.

#### WAEP (Windows Auto Enrollment Protocol)

WAEP enables integration with Microsoft Active Directory environments for automated certificate enrollment.

<figure><img src="/files/u5ghqNcLy9XAgZIWBryM" alt=""><figcaption></figcaption></figure>

**Typical Use Cases:**

* Domain-joined systems
* Enterprise Windows infrastructure
* AD-based certificate templates

**Configuration Fields Include:**

* LDAP URL and Port
* Domain and Username
* Kerberos configuration
* Template Type selection
* Policy interval

WAEP supports LDAP-based template discovery using the **Fetch Templates** option.

#### Operational Notes

* API credentials can be filtered, exported, revoked, or regenerated from the APIs dashboard.
* Each protocol credential is linked to a specific Product (CA template).
* Revoked credentials immediately disable associated automation flows.
* All API operations are logged for audit and traceability.

By supporting ACME, REST, EST, SCEP, CMP, and WAEP, CERTInext enables flexible automation across modern cloud-native, enterprise, and legacy environments.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.certinext.io/documentation/automation-and-devops/supported-protocols-acme-scep-est-etc.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.