EST clients must use one of the following URLs to communicate with Certificate Enrollment Gateway.

When using the concatenated URL, the tenant ID, CA ID, and certificate profile ID cannot contain underscores, because the underscore is the separator between the three identifiers.

Default EST enrollment URL:

https://<CEG-server>:1443/.well-known/est/<tenant-ID>/<CA-ID>/<profile-ID>/

Concatenated EST enrollment URL:

https://<CEG-server>:1443/.well-known/est/<tenant-ID>_<CA-ID>_<profile-ID>/

Where:

  • <CEG-server> is the hostname or IP address of the Certificate Enrollment Gateway server.
  • <tenant-ID> is the unique identifier of a tenant defined in Certificate Enrollment Gateway. The value is case-sensitive.
  • <CA-ID> is the CA ID of the Certification Authority (CA) defined in CA Gateway that will issue certificates to the EST client.
  • <profile-ID> is the profile ID defined in CA Gateway that defines the certificate type issued to the EST client. For Entrust PKI as a Service, the profile ID is one of the following:
    • est-digital-signature-key-encipherment
    • est-digital-signature
    • est-key-encipherment
    • est-non-repudiation

For example:

https://cegserver.example.com/.well-known/est/tenant1/example-ca1/est-digital-signature/
https://cegserver.example.com/.well-known/est/tenant1_example-ca1_est-digital-signature/
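The two URL forms and the underscore rule above, as an added Python example (not Entrust code). The function names `build_est_url` and `parse_est_url` are hypothetical, and the parser assumes the underscore is the only separator in the concatenated form and handles only the base URLs shown on this page.

```python
from urllib.parse import quote, unquote, urlsplit

EST_PREFIX = "/.well-known/est/"
DEFAULT_PORT = 1443  # port shown in the page's URL templates


def build_est_url(server, tenant_id, ca_id, profile_id,
                  concatenated=False, port=DEFAULT_PORT):
    """Return the enrollment URL in the default or concatenated form."""
    ids = {"tenant ID": tenant_id, "CA ID": ca_id, "profile ID": profile_id}
    for name, value in ids.items():
        if not value or "/" in value:
            raise ValueError(f"{name} must be a non-empty single path segment")
        if concatenated and "_" in value:
            # Rule from the page: no underscores in the concatenated form.
            raise ValueError(f"{name} {value!r} contains an underscore")
    sep = "_" if concatenated else "/"
    # The tenant ID is case-sensitive, so values are never case-folded.
    label = sep.join(quote(v, safe="") for v in ids.values())
    return f"https://{server}:{port}{EST_PREFIX}{label}/"


def parse_est_url(url):
    """Split an enrollment URL of either form into (tenant, CA, profile)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.path.startswith(EST_PREFIX):
        raise ValueError("not an HTTPS EST enrollment URL")
    segments = [s for s in parts.path[len(EST_PREFIX):].split("/") if s]
    if len(segments) == 1:
        # Concatenated form: one path segment holding three identifiers.
        segments = segments[0].split("_")
    if len(segments) != 3:
        # An underscore inside an identifier lands here: the label splits
        # into more than three parts and cannot be mapped unambiguously.
        raise ValueError(f"expected 3 identifiers, found {len(segments)}")
    return tuple(unquote(s) for s in segments)
```

An identifier such as `tenant_1` (constructed) is accepted in the default form but rejected by `build_est_url` when `concatenated=True`, and a label built from it by hand fails in `parse_est_url` because it splits into four parts.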