Cisco EST integration
The Cisco EST (Enrollment over Secure Transport) certificate authority uses SCEP (Simple Certificate Enrollment Protocol) to issue certificates. Cisco maintains a test server for handling EST certificate requests to assist with the integration.
Procedure
To configure the Cisco EST certificate template, follow these steps:
- From the Cloud Extender Configuration Tool Certificate Integration window, select EST, enable Device Identity Certificates, click Import Certificate Template, and then click Next.
- In the Certificate Integration Scope window, select Cisco as the EST Certificate Authority to use, and then click Next.
- In the Certificate Integration EST window, provide the following information for the template:
  | Option | Description |
  | --- | --- |
  | Template Name | The name of your EST PKI template. The template name is displayed in the MaaS360® policies under various configuration sections that use identity certificates. |
  | Username | The user name credentials for basic authentication to the EST server. |
  | Password | The password credentials for basic authentication to the EST server. |
  | Port | The port number of the EST server. |
  | Server | The URL of the test server that is maintained by Cisco for handling EST certificate requests to assist with certificate integration. To request and receive the certificate from the EST test server, see http://www.testrfc7030.com/. |

- In the Certificate Integration Cert Attributes window, provide the subject alternate name that uniquely identifies the user for authentication. Use one of the following values in this field:
  - None
  - UPN
  - UPN and Email
  - Other: Open-ended configuration that supports all variables as the subject name.
- In the Certificate Integration Finish window, initiate a test against the template that is configured for certificate integration.
  Note: The Cloud Extender® Configuration Tool substitutes template values that are not collected on the Test Certificate window with Test or Blank.
  - Provide the certificate name (no spaces), the user name, the domain (fully qualified domain name), and the email address.
  - Click Save and Test. Cloud Extender requests a new test certificate against the configured CA.
  - Click the link to view the location of the test certificate locally on the Cloud Extender.
If the certificate test fails, check whether the certificate request was received by the EST server and why the request failed. You can also collect the diagnostic logs for Cloud Extender to troubleshoot the issue.
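One way to check from the Cloud Extender host whether a request reaches the EST server and why it fails, using the Server, Port, Username and Password values from the template. This is an added example, not code from the product or from Cisco; the function names are hypothetical, and it assumes the server exposes the standard RFC 7030 paths under `/.well-known/est` over HTTPS.

```python
import base64
import ssl
import urllib.error
import urllib.request

EST_PREFIX = "/.well-known/est"  # path prefix defined by RFC 7030

def est_url(server, port, operation):
    """Build the EST URL from the template's Server and Port values."""
    host = server.split("://", 1)[-1].split("/", 1)[0]
    return f"https://{host}:{port}{EST_PREFIX}/{operation}"

def basic_auth_header(username, password):
    """HTTP basic authentication header from the template's Username/Password."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def diagnose(status, body=b""):
    """Map an EST HTTP result to the likely cause of a failed template test."""
    if status == 200:
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:
            return "200 but body is not base64: not an EST response"
        # EST returns base64 PKCS#7; DER for it starts with SEQUENCE tag 0x30.
        return "ok" if der[:1] == b"\x30" else "200 but body is not DER PKCS#7"
    causes = {
        202: "request received, issuance pending: retry later",
        401: "request received, basic authentication rejected",
        404: "server reached, EST path not found: check the Server value",
    }
    return causes.get(status, f"unexpected HTTP status {status}")

def probe(server, port, username, password, csr_b64=None, timeout=10):
    """GET cacerts, or POST a base64 PKCS#10 CSR (bytes) to simpleenroll."""
    op = "simpleenroll" if csr_b64 else "cacerts"
    headers = basic_auth_header(username, password)
    if csr_b64:
        headers["Content-Type"] = "application/pkcs10"
    req = urllib.request.Request(est_url(server, port, op),
                                 data=csr_b64, headers=headers)
    ctx = ssl.create_default_context()  # keep certificate verification on
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as r:
            return r.status, diagnose(r.status, r.read())
    except urllib.error.HTTPError as err:
        return err.code, diagnose(err.code)
    except OSError as err:  # DNS, TCP or TLS failure (URLError is an OSError)
        return None, f"request never reached the EST server: {err}"
```

A `cacerts` fetch only confirms reachability and TLS trust; the basic authentication credentials are exercised when `probe` is given a CSR and posts to `simpleenroll`.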