Protocol Integrations
SSL-CLM supports industry-standard certificate enrollment and management protocols.
Supported Protocols
| Protocol | Direction | Use Case |
|---|---|---|
| ACME | Client & Server | Automated certificate issuance with domain validation |
| SCEP | Server | Certificate enrollment for network devices and MDM |
| EST | Server | Modern certificate enrollment over TLS |
| CMP | Server | Full-featured certificate lifecycle management |
SSL-CLM includes a built-in ACME server for issuing certificates from private CAs, and an ACME client for requesting certificates from external CAs like Let’s Encrypt.
Supported challenge types:
- HTTP-01
- DNS-01
- TLS-ALPN-01
External Account Binding (EAB) is supported for authenticated ACME access.
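
How EAB authenticates ACME account creation, following RFC 8555 section 7.3.4, shown as an added example that is not SSL-CLM's own code: the client MACs its account public key with a key the CA issued out of band, and the server checks that binding before creating the account. The key id, MAC key, URL, JWK values and function names are constructed for illustration, and accepting only HS256 is an assumption.

```python
import base64, hashlib, hmac, json

# Constructed sample values, not taken from SSL-CLM or any real CA.
NEW_ACCOUNT_URL = "https://acme.example/new-account"
EAB_KID = "eab-kid-constructed"
EAB_MAC_KEY = b"constructed-32-byte-eab-mac-key!"
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key, protected, payload):
    # JWS signing input is ASCII(protected || "." || payload)
    return hmac.new(key, f"{protected}.{payload}".encode(), hashlib.sha256).digest()

def make_eab(kid, key, account_jwk, url):
    """Client: bind the ACME account public key to the CA-issued EAB key id."""
    protected = b64u(json.dumps({"alg": "HS256", "kid": kid, "url": url}).encode())
    payload = b64u(json.dumps(account_jwk).encode())
    return {"protected": protected, "payload": payload,
            "signature": b64u(mac(key, protected, payload))}

def verify_eab(eab, outer_jwk, outer_url, eab_keys):
    """Server: return the bound kid, or raise ValueError on any failed check."""
    header = json.loads(b64u_dec(eab["protected"]))
    if header.get("alg") != "HS256":  # assumption: only HS256 accepted; blocks "none"
        raise ValueError("unsupported alg")
    if "nonce" in header:
        raise ValueError("nonce not allowed in EAB header")
    if header.get("url") != outer_url:  # must match the outer newAccount request
        raise ValueError("url mismatch")
    key = eab_keys.get(header.get("kid"))
    if key is None:
        raise ValueError("unknown kid")
    expected = mac(key, eab["protected"], eab["payload"])
    if not hmac.compare_digest(expected, b64u_dec(eab["signature"])):
        raise ValueError("bad MAC")
    if json.loads(b64u_dec(eab["payload"])) != outer_jwk:
        raise ValueError("payload is not the account key")
    return header["kid"]

if __name__ == "__main__":
    eab = make_eab(EAB_KID, EAB_MAC_KEY, ACCOUNT_JWK, NEW_ACCOUNT_URL)
    print(verify_eab(eab, ACCOUNT_JWK, NEW_ACCOUNT_URL, {EAB_KID: EAB_MAC_KEY}))
```

The last check is the one that matters most for account takeover resistance: a valid MAC over someone else's account key must not bind the EAB credential to the requester's key.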
SSL-CLM’s SCEP server enables certificate enrollment for:
- Network devices (routers, switches, firewalls)
- MDM-managed mobile devices
- Legacy infrastructure that only supports SCEP
Enrollment over Secure Transport (EST) provides a modern, TLS-authenticated alternative to SCEP:
- Mutual TLS authentication
- Certificate-based enrollment
- Re-enrollment for certificate renewal
Certificate Management Protocol (CMP) provides full lifecycle operations:
- Initial enrollment
- Key update
- Certificate revocation
- Cross-certification