ESTENROLL
Description
Perform EST operations for certificate enrolment.
Command
estenroll --operation <cacerts|simpleenroll|simplereenroll> --url <URL> --httpsca <caname> [--alias
<alias>] [--bindaddr <addr/host/interface>] [--bindport <port>] [--httpslogin <login>]
[--httpspassword <password>] [--promptpassword] [--keytype <RSA|SECP|Brainpool>] [--keysize <size>] [--reqtype <user|server|smartcard>] [--subj <X509 name>] [--upn <upn>] [--altnames <altnames>] [--caname <caname>] [--name <certname>] [--tpm <none|ondisk>]
--operation :
cacerts Retrieve and import the EST CA
simpleenroll Enroll a certificate
simplereenroll Renew a certificate
--url - Server URL: EST server base URL (https://<host>:<port>/)
--alias - EST server alias (when server provides multiple CAs)
--bindaddr - addr/host/interface to bind the connection to
--bindport - port to bind the connection to
--httpsca - TLS Server CA certificate
--httpslogin - HTTPS basic auth login
--httpspassword - HTTPS basic auth password
--promptpassword - prompt for the HTTPS password
--keytype - Requested keytype ("RSA"|"SECP"|"Brainpool")
--keysize - Requested keysize
--reqtype - CSR type ("server"|"user"|"smartcard")
--subj - Requested X509 name ("/C=value0/ST=value1/S=...")
--upn - Requested X509v3 UPN (for smartcard requests)
--altnames - Requested X509v3 altnames (semi-colon separated IP Address/DNS list)
--caname - CA for the requested certificate (for simpleenroll/simplereenroll)
--name - Desired import name (for simpleenroll) or certificate to be renewed (for simplereenroll)
--tpm - TPM seal: (none|ondisk) (for simpleenroll)
--dr_force - force import in DR mode on non-compliant cert
--help - This help