Configuring an EST Profile

EST supports automatic enrollment of certificates with the EST Server. The certificates can now be enrolled or re-enrolled automatically by configuring an EST profile on the AP. Certificate enrollment with EST allows you to use your own PKIPublic Key Infrastructure. PKI is a security technology based on digital certificates and the assurances provided by strong cryptography. See also certificate authority, digital certificate, public key, private key. instead of the factory or self-signed certificates available on the AP. This enables you to have maximum visibility and control over the management of the PKI used and can address any issues related to security in a scaled environment.

To configure an EST profile, complete the following steps:

1. In the Network Operations app, set the filter to a group containing at least one AP.

   The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

   A list of APs is displayed in the List view.

3. Click the Config icon.

   The tabs to configure the APs are displayed.

4. Click Show Advanced.
5. Click the Security tab.

   The Security page is displayed.

6. Expand the Certificate Usage > EST Profile accordion.
7. Configure the following parameters:
   • EST Activate—Activates the EST profile.
   • EST CACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate. Certificate—Sets the EST CA Certificate from the drop-down list.
   • Server Name/IP Address—Hostname of the EST server.
   • Server Port—Indicates the port value of the EST server. The default value is 443.
   • Arbitrary Label—Sets an arbitrary label for the EST URIUniform Resource Identifier. URI identifies the name and the location of a resource in a uniform format. to distinguish it from the other EST profiles running on the EST server.
   • Arbitrary Label Enrollment—Sets an arbitrary enrollment label for EST URLUniform Resource Locator. URL is a global address used for locating web resources on the Internet..
   • Arbitrary Label Reenrollment—Sets an arbitrary re-enrollment label for EST URL.
   • Challenge Password—Sets a challenge password used in CSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate..
   • Retype Challenge Password—Retype challenge password used in CSR.
   • Trust Anchor—Denotes the server's trust anchor.
   • Organizational Unit Name—Sets the organizational unit name.
   • Username—Sets a username for the EST Client.
   • Password—Sets a password for the EST Client.
   • Retype Password—Retype password for the EST Client.
8. Click Save Settings.