Cisco EST integration

The Cisco EST (Enrollment over Secure Transport) certificate authority uses SCEP (Simple Certificate Enrollment Protocol) to issue certificates. Cisco maintains a test server for handling EST certificate requests to assist with the integration.


To configure the Cisco EST certificate template, follow these steps:
  1. From the Cloud Extender Configuration Tool Certificate Integration window, select EST, enable Device Identity Certificates, click Import Certificate Template, and then click Next.
  2. In the Certificate Integration Scope window, select Cisco as the EST Certificate Authority to use, and then click Next.
  3. In the Certificate Integration EST window, provide the following information for the template:
    EST Template Configuration
    • Template Name: The name of your EST PKI template. The template name is displayed in the MaaS360® policies under various configuration sections that use identity certificates.
    • Username: The user name credentials for basic authentication to the EST server.
    • Password: The password credentials for basic authentication to the EST server.
    • Port: The port number of the EST server.
    • Server: The URL of the test server that is maintained by Cisco for handling EST certificate requests to assist with certificate integration. To request and receive the certificate from the EST test server, see
  4. In the Certificate Integration Cert Attributes window, provide the subject alternate name that uniquely identifies the user for authentication.
    Subject Alternate Name
    Use one of the following values in this field:
    • None
    • UPN
    • UPN and Email
    • Other: Open-ended configuration that supports all variables as the subject name.
  5. In the Certificate Integration Finish window, initiate a test against the template that is configured for certificate integration.
    Note: The Cloud Extender® Configuration Tool substitutes template values that are not collected on the Test Certificate window with Test or Blank.
    1. Provide the certificate name (no spaces), the user name, the domain (fully qualified domain name), and the email address.
    2. Click Save and Test. Cloud Extender requests a new test certificate against the configured CA.
    3. Click the link to view the location of the test certificate locally on the Cloud Extender.

      If the certificate test fails, check whether the certificate request was received by the EST server and why the request failed. You can also collect the diagnostic logs for Cloud Extender to troubleshoot the issue.
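To check whether a request reached the EST server and why it failed, the following added example (not part of the MaaS360 or Cisco documentation) builds the two HTTPS requests an EST client makes from the Server, Port, Username, and Password template fields and maps the HTTP status of the response to the field to recheck. It assumes that the server exposes the standard RFC 7030 paths; the host name, credentials, and function names are placeholders.

```python
import base64
import ssl
import urllib.error
import urllib.request

# Operation paths defined by RFC 7030 (assumed; the page does not list them).
EST_PATHS = {"cacerts": "/.well-known/est/cacerts",
             "simpleenroll": "/.well-known/est/simpleenroll"}

# What each HTTP status suggests about the template fields entered in step 3.
HINTS = {200: "ok: server answered the request",
         202: "pending: CA accepted the request, retry after Retry-After",
         400: "rejected: server could not accept the CSR",
         401: "auth: check the Username and Password fields",
         404: "path: check the Server and Port fields"}


def build_est_request(server, port, operation, username=None, password=None,
                      csr_der=None):
    """Build, without sending, the HTTPS request for one EST operation."""
    url = f"https://{server}:{int(port)}{EST_PATHS[operation]}"
    if operation == "cacerts":
        # RFC 7030 servers should not require credentials for cacerts,
        # so none are attached to this request.
        return urllib.request.Request(url, method="GET")
    if not (username and password and csr_der):
        raise ValueError("simpleenroll needs credentials and a DER PKCS#10 CSR")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}",
               "Content-Type": "application/pkcs10",
               "Content-Transfer-Encoding": "base64"}
    return urllib.request.Request(url, data=base64.encodebytes(csr_der),
                                  headers=headers, method="POST")


def send(request, timeout=10):
    """Send the request with TLS verification on; return (status, hint)."""
    context = ssl.create_default_context()  # never disable verification here
    try:
        with urllib.request.urlopen(request, timeout=timeout,
                                    context=context) as response:
            status = response.status
    except urllib.error.HTTPError as err:
        status = err.code
    return status, HINTS.get(status, "unexpected: inspect the EST server log")
```

Run the cacerts request first: a TLS or connection error there points to the Server and Port values before any credentials are sent.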