Visual EST is an EST client with graphical interface. It uses the EST library from Bouncy Castle and JavaFX.
- Certificate enrollment and re-enrolment via Enrollment over Secure Transport protocol.
- Client authentication using certificate client and/or username & password (HTTP Basic and Digest).
- Support of TLS channel binding (Linking Identity and Proof-of-Possession information).
- Keypair generation using EC, RSA and DSA algorithms.
- Supported EST operations
- Distribution of CA certificates (getcacerts)
- CSR attributes (csrattrs)
- Client certificate request for initial enrollment (simpleenroll)
- Client certificate request for re-enrollment (simplereenroll)
- Certificate-less TLS mutual authentication.
- EST operations
- Full CMC (fullcmc)
- Server-Side Key Generation (serverkeygen)
Note: Both applications (Windows and macOS) are not code-signed, so you will see warning about this.
All notable changes to this project will be documented here.
Release 1.1.87 (2026-04-21)
Previously, when the trust anchor mode was set to "Add Additional From", the additional certificates from the selected file were added on top of the EST CA certificates only. The JRE built-in trust store was silently ignored, causing TLS connections to servers with certificates issued by well-known public CAs to fail unexpectedly.
Now, selecting "Add Additional From" correctly merges all three sources:
- The JRE built-in trust store
- The EST CA certificates retrieved via Get CA Certificates
- The additional trust anchors loaded from the specified file
Release 1.1.84 (2026-04-21)
- Java 25 LTS — The application now ships with a bundled Java 25 LTS runtime, bringing improved performance, security updates, and long-term support.
- Updated dependencies — All third-party libraries have been updated to their latest versions.
- Updated copyright — Copyright notice updated to 2020–2026.
⚠️ Dark theme glitches — The Dark theme may display visual artifacts or rendering glitches in certain UI areas. We are aware of the issue and it will be addressed in an upcoming release.
Workaround: Switch to the Light theme to avoid the problem.
Release 1.0.115 (2021-10-06)
- Now Visual EST uses Bouncy Castle 1.69, Java 17, and JavaFX 14.
- Now on macOS Visual EST has the right icon.
Release 1.0.28 (2020-03-24)
- Fix an issue that prevents some private key formats to be used for CSR generation.
Release 1.0.27 (2020-03-09)
- Fix the eye icon on the password fields
Release 1.0.26 (2020-03-08)
- Tabs are now detachable, so users are able to see General and Log tab at the same time.
Release 1.0.25 (2020-03-08)
- The sections for Certificate and Username & Password authentication has been merged into one. In addition, the Additional Settings section has been moved as separate tab.
Release 1.0.24 (2020-03-05)
- A new way to select client authentication certificate. Users can now drag & drop, paste, or browse certificate.
Release 1.0.23 (2020-03-03)
- Double click on a log event will open it in a new dialog.
Release 1.0.22 (2020-03-02)
- Certificate details are now showing UnstructuredName and UnstructuredAddress
- Certificate details window displays KU and EKU
- The attributes of the summary panel of the enrollend are now selectable
- Certificate details now shows the Serial Number in HEX
Release 1.0.21 (2020-02-29)
- Refactoring the validation logic of the client authentication certificate. How it includes expiration, chain, and revocation (CRL & OCSP) validations. ]
- The Serial Number of the issued certificate is wrong
- The Subject DN dialog does not set the correct Serial Number