Axis Communications announces support for Enrollment over Secure Transport (EST) network standard (RFC 7030) in the latest release of the Axis operating system, AXIS OS 12.10. Axis is the first in the physical security industry to support this standard, offering a modern solution for automated certificate management.
An effective, IT-centric integration interface
The security of network products heavily depends on the proper use and management of X.509 certificates, used, for example, for HTTPS and 802.1X network communication. Managing certificates across hundreds or thousands of devices while meeting IT policies on certificate lifetime and security can be challenging.
EST is an open IETF standard (RFC 7030), developed within the PKIX working group, with early and significant contributions from engineers at companies such as Cisco Systems and HPE. As a network protocol, it is used to automate certificate management on laptops, servers, network cameras, switches, and other IoT devices.
These devices automatically request and continuously renew their X.509 certificates by communicating with centralized IT infrastructure and applications such as KeyFactor EJBCA, HPE Aruba Networking ClearPass Policy Manager or Cisco Identity Service Engine (ISE)®.
EST introduces major improvements over the older Simple Certificate Enrollment Protocol (SCEP), including support for ECC cryptography, strong TLS-based certificate authentication, and improved renewal capabilities. It streamlines the lifecycle of X.509 certificates, ensuring encrypted communication and strong device authentication, while automatically rotating certificates based on IT-defined policies and intervals.
AXIS OS is running on more than 200 network products and millions of deployed devices. With the release of AXIS OS 12.10, Axis provides IT teams with the tools they need to efficiently manage Axis network products while also eliminating the manual work previously required to handle certificates on those products. Axis devices can now automatically obtain, renew, and manage digital certificates using strong encryption through TLS 1.2/1.3 and certificate-based authentication.
Axis for IT teams
Introducing support for EST is another step in Axis Communication’s long-term commitment to helping IT teams securely and automatically manage Axis network products within their existing infrastructure. This extends existing capabilities, including device SBOMs, remote-syslog-based audit logging, SNMP-based health-monitoring, OAuth 2.0 for centralized identity and access management (Active Directory (ADFS) integration), as well as support for IEEE technologies such as 802.1X for network authentication and 802.1AE MACsec for layer-2 network encryption.
