Supported Protocols (ACME, SCEP, EST etc)
CERTInext supports multiple industry-standard certificate enrollment and automation protocols to enable seamless integration across cloud platforms, DevOps pipelines, network devices, enterprise directories, and legacy systems. These protocols can be configured under:
Integrations → APIs → + New API Credentials
When creating new API credentials, users can select the required protocol type from the API Type dropdown.
ACME (Automated Certificate Management Environment)
ACME enables fully automated certificate issuance and renewal, commonly used for web servers, load balancers, and DevOps environments.
Typical Use Cases:
Web server automation (Nginx, Apache, IIS)
Kubernetes ingress controllers
Cloud-native workloads
CI/CD pipelines
Configuration Highlights:
Select API Type: ACME
Associate with User, Groups, and Product
Generate API credentials
Use ACME client to connect to CERTInext ACME endpoint
ACME supports automated DCV methods such as HTTP-01 and DNS-01, depending on CA configuration.
REST API
REST APIs provide programmatic access to certificate lifecycle operations including issuance, renewal, revocation, and reporting.
Typical Use Cases:
Custom application integration
Enterprise automation platforms
ITSM workflows
DevOps orchestration tools
Authentication Options:
Access Key
OAuth (if enabled)
REST APIs allow granular control over certificate management processes through secure token-based authentication.
EST (Enrollment over Secure Transport)
EST is designed for secure certificate enrollment over TLS, commonly used in enterprise-managed environments.
Typical Use Cases:
Enterprise device provisioning
Secure network equipment enrollment
Managed infrastructure automation
Configuration Fields:
Username and Password
Associated Product
Secure HTTPS communication
EST provides mutual authentication and secure CSR submission.
SCEP (Simple Certificate Enrollment Protocol)
SCEP enables automated certificate enrollment for network devices and MDM-managed endpoints.
Typical Use Cases:
Mobile Device Management (MDM)
Routers, firewalls, and network appliances
Enterprise device onboarding
Configuration Fields:
Shared Secret
Product selection
User association
SCEP simplifies large-scale device certificate provisioning.
CMP (Certificate Management Protocol)
CMP supports enterprise-grade certificate lifecycle management with strong authentication controls.
Typical Use Cases:
Telecom environments
Large-scale enterprise PKI deployments
High-security automation environments
Configuration Fields:
Authentication Name
Shared Secret
Product selection
CMP enables advanced certificate request validation and secure lifecycle operations.
WAEP (Windows Auto Enrollment Protocol)
WAEP enables integration with Microsoft Active Directory environments for automated certificate enrollment.
Typical Use Cases:
Domain-joined systems
Enterprise Windows infrastructure
AD-based certificate templates
Configuration Fields Include:
LDAP URL and Port
Domain and Username
Kerberos configuration
Template Type selection
Policy interval
WAEP supports LDAP-based template discovery using the Fetch Templates option.
Operational Notes
API credentials can be filtered, exported, revoked, or regenerated from the APIs dashboard.
Each protocol credential is linked to a specific Product (CA template).
Revoked credentials immediately disable associated automation flows.
All API operations are logged for audit and traceability.
By supporting ACME, REST, EST, SCEP, CMP, and WAEP, CERTInext enables flexible automation across modern cloud-native, enterprise, and legacy environments.
Last updated