Certificate Management Protocol Comparison
OSCP / CMC / CMP / SCEP / EST / ACME
This table provides an overview and comparison of different certificate management protocols
| OCSP | CMC | CMP | SCEP | EST | ACME | |
|---|---|---|---|---|---|---|
| Full Name | Online Certificate Status Protocol | Certificate Management over CMS | Certificate Management Protocol | Simple Certificate Enrollment Protocol | Enrollment over Secure Transport | Automated Certificate Management Environment |
| Main RFC | RFC 6960 | RFC 5272 | RFC 9810 | RFC 8894 | RFC 7030 | RFC 8555 |
| RFC Date | 2013 | 2008 | 2025 | 2020 | 2013 | 2019 |
| RFC Status | Standards Track | Standards Track | Standards Track | Informational | Standards Track | Standards Track |
| Server-Side Key Generation | ||||||
| Certificate Enrollment | ||||||
| Certificate Renewal | ||||||
| Certificate Validation | ||||||
| Certificate Revocation | ||||||
| Certificate Type | RSA, ECDSA | RSA, ECDSA | RSA, ECDSA | RSA only | RSA, ECDSA | RSA, ECDSA |
| Transport Protocol | HTTP | HTTP(s), TCP | HTTP(s), TCP | HTTP | HTTPs | HTTPs |
| Authentication Methods | N/A | TLS-based | Digital Signatures, Shared Secrets | Shared Secrets only | TLS-based, HTTP Basic/Digest Authentication | Challenge-based |
| Deployment | Simple | Complex | Complex | Simple | Medium complexity | Simple |
| Typical Use Case | For certificate validation purpose only | For telecom and railway communication networks | For legacy applications like network devices (Routers, Firewalls...) | For IoT devices, EST succeeds SCEP by addressing its security weaknesses | For certificate management for public servers | |
| Related ORYX Product | CycloneCRYPTO | - | - | CycloneSCEP | CycloneEST | CycloneACME |
Feel free to contact us to help refine your use case.