API oriented PKI
IoT deployments involve a volume and velocity far beyond traditional PKI deployments. To support these high-volume scenarios, the PKI services are exposed via APIs built for automation.
Enrollment API
The Enrollment API makes issuing certificates as scalable as possible by implementing the Enrollment over Secure Transport Protocol (EST). With EST, enterprise device management systems can request digital certificates electronically and in a simple way.
Validation API
Online Certificate Status Protocol (OCSP) is used to implement the Validation API that allows applications to obtain the revocation status of a particular certificate.
EST
When an X.509 certificate is issued, there is typically a need for a certificate management protocol that enables a PKI client to request or renew a certificate from a Certificate Authority (CA). Enrollment over Secure Transport Protocol (EST) handles this certificate management effectively by using CMS (formerly known as PKCS #7) and PKCS #10 over HTTP.
OCSP
OCSP is a useful protocol for determining the current status of a digital certificate without requiring Certificate Revocation Lists (CRLs). OCSP provides more timely revocation information than is possible with CRLs.
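The request a client sends to an OCSP responder, as an added example (not the product's own code): it DER-encodes an unsigned RFC 6960 OCSPRequest using only the standard library and forms the GET URL from RFC 6960 Appendix A. The issuer name, key bytes, serial number and responder URL are constructed placeholders, and SHA-1 as the CertID hash is an assumption.

```python
import base64
import hashlib
from urllib.parse import quote

SHA1_OID = bytes.fromhex("2b0e03021a")  # 1.3.14.3.2.26 (id-sha1), assumed CertID hash

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_integer(value: int) -> bytes:
    """Encode a non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_ocsp_request(issuer_name_der: bytes, issuer_key: bytes, serial: int) -> bytes:
    """Unsigned OCSPRequest asking about one certificate (RFC 6960, section 4.1.1)."""
    alg = der(0x30, der(0x06, SHA1_OID) + der(0x05, b""))  # AlgorithmIdentifier
    cert_id = der(0x30, alg
                  + der(0x04, hashlib.sha1(issuer_name_der).digest())  # issuerNameHash
                  + der(0x04, hashlib.sha1(issuer_key).digest())       # issuerKeyHash
                  + der_integer(serial))                               # serialNumber
    request_list = der(0x30, der(0x30, cert_id))  # SEQUENCE OF Request { reqCert }
    tbs = der(0x30, request_list)                 # TBSRequest, version defaults to v1
    return der(0x30, tbs)                         # OCSPRequest, no optionalSignature

def ocsp_get_url(responder: str, request: bytes) -> str:
    """GET form: base64 of the DER request, then URL-encoded (POST sends the raw DER)."""
    b64 = base64.b64encode(request).decode("ascii")
    return responder.rstrip("/") + "/" + quote(b64, safe="")

# Constructed sample inputs (not a real CA): a Name holding only a CN, dummy key bytes.
ISSUER_NAME = der(0x30, der(0x31, der(0x30, der(0x06, bytes.fromhex("550403"))
                                       + der(0x0C, b"Constructed IoT CA"))))
ISSUER_KEY = bytes(range(32))  # stands in for the issuer's subjectPublicKey bits
SERIAL = 0x0A1B2C3D

if __name__ == "__main__":
    req = build_ocsp_request(ISSUER_NAME, ISSUER_KEY, SERIAL)
    print(req.hex())
    print(ocsp_get_url("http://ocsp.example.test", req))
```

The request carries no nonce extension, so a client using it has to rely on the thisUpdate and nextUpdate fields of the response to reject stale answers.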
Interoperability
Usage of widely adopted standards facilitates integration and interoperability with other enterprise systems.