EST and its applications

Data protection is necessary in a large roaming environment, where a certificate signing request (CSR) passes through multiple administrative domains and untrusted networks. Manually signing certificates on a CA server can introduce security issues, including data sniffing: eavesdroppers can collect the confidential information used to generate the CSR, which breaches trust and creates a security threat to the organization.

To address these issues, the switch supports the following solutions:
  • Application certificate enrollment using EST: EST (Enrollment over Secure Transport) runs over TLS and provides a secure, reliable, and convenient mode for requesting and enrolling certificates. With this release, EST enrollment is supported for the RadSec, Captive Portal, OpenFlow, Syslog, and SSH client/server applications.

  • Secure RADIUS (RadSec): RadSec is a protocol that carries RADIUS over TLS. RadSec mandates TLS, which provides a secure, reliable, and convenient transport for RADIUS server requests.

  • Syslog over TLS: Syslog over TLS secures the communication between the switch and a Syslog server with mutual authentication.
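The following Go program is an added example, not code from this document or from the switch software, of what the EST enrollment bullet describes: a device generates its key pair locally, sends a PKCS#10 CSR to the EST server's simpleenroll endpoint over TLS, and gets back a certificate it can verify against the CA it was provisioned with. The EST server, its CA, and the device name switch-01.example.net are all constructed stand-ins that run in-process; the server is simplified in one respect noted in the code (it returns a bare DER certificate rather than the PKCS#7 bundle RFC 7030 specifies, because the Go standard library has no PKCS#7 encoder).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

const enrollPath = "/.well-known/est/simpleenroll" // RFC 7030 section 4.2

// must turns an unrecoverable setup error (e.g. no entropy) into a panic.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newEstServer starts a constructed, in-process EST server (a hypothetical stand-in for the real
// CA) over TLS. A real server answers simpleenroll with a base64 PKCS#7 certs-only bundle; the Go
// standard library has no PKCS#7 encoder, so this toy returns the bare DER certificate in base64.
func newEstServer() (*httptest.Server, *x509.Certificate) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed EST CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	simpleenroll := func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost || r.Header.Get("Content-Type") != "application/pkcs10" {
			http.Error(w, "expected POST application/pkcs10", http.StatusBadRequest)
			return
		}
		raw, _ := io.ReadAll(io.LimitReader(r.Body, 64<<10)) // cap the request size
		der, err := base64.StdEncoding.DecodeString(strings.TrimSpace(string(raw)))
		csr, perr := x509.ParseCertificateRequest(der)
		if err != nil || perr != nil || csr.CheckSignature() != nil { // CSR signature = proof of key possession
			http.Error(w, "invalid CSR", http.StatusBadRequest)
			return
		}
		tmpl := &x509.Certificate{ // the CA's policy, not the requester, fixes usages and lifetime
			SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: csr.Subject,
			NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
			KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		}
		certDER, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
		if err != nil {
			http.Error(w, "signing failed", http.StatusInternalServerError)
			return
		}
		w.Header().Set("Content-Type", "application/pkcs7-mime")
		fmt.Fprint(w, base64.StdEncoding.EncodeToString(certDER))
	}
	return httptest.NewTLSServer(http.HandlerFunc(simpleenroll)), caCert
}

// EnrollDemo runs the client side of EST simple enrollment over TLS and returns the issued
// certificate only after checking that it chains to the CA the device was provisioned with.
func EnrollDemo(cn string) (*x509.Certificate, error) {
	srv, caCert := newEstServer()
	defer srv.Close()
	// The private key is generated on the device and never leaves it; only the public key travels, inside the signed CSR.
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key)
	if err != nil {
		return nil, err
	}
	req, _ := http.NewRequest(http.MethodPost, srv.URL+enrollPath, strings.NewReader(base64.StdEncoding.EncodeToString(csrDER)))
	req.Header.Set("Content-Type", "application/pkcs10")
	req.Header.Set("Content-Transfer-Encoding", "base64")
	resp, err := srv.Client().Do(req) // srv.Client() trusts only the test server's TLS certificate
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("enrollment rejected: %s: %s", resp.Status, body)
	}
	certDER, _ := base64.StdEncoding.DecodeString(string(body))
	cert, err := x509.ParseCertificate(certDER) // also fails if the base64 was bad
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool() // trust only the provisioned CA, not the system store
	roots.AddCert(caCert)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return cert, err
}

func main() {
	cert := must(EnrollDemo("switch-01.example.net"))
	fmt.Println("enrolled", cert.Subject.CommonName, "issued by", cert.Issuer.CommonName)
}
```

Two points the code makes that the bullet only implies: the CSR carries no private material, so even a captured request yields the eavesdropper only a public key and a name, and the TLS channel is what protects the CSR's confidential fields and the returned certificate on the way across untrusted networks. On the server side, the CSR signature check is what stops a request from being enrolled for a key the requester does not hold, and the issuing template is fixed by CA policy rather than copied from the request.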

Figure 318: EST infrastructure supporting Certificate Enrollment, RadSec, and Syslog applications