PKI EST QUERY
Level
pki,modify LICENCE PKI
History
Appears in 3.10
force appears in 4.2
force removed in 4.7
Description
Generate a private key locally and request a new certificate from the remote host.
Example
PKI EST QUERY TLSCa="CN=ManagementCA O=EJBCA Sample C=SE" alias=ecdsa_est caname=ECDSA_EST_CA url=https://managementca:8442/ login=estuser password=estpw keytype=secp keysize=256 CN=TestEnrollSDp2561 name=TestEnrollSDp2561
PKI EST QUERY TLSCa="CN=ManagementCA O=EJBCA Sample C=SE" alias=ecdsa_est caname=ECDSA_EST_CA url=https://managementca:8443/ renew=TestEnrollSDp2561
Usage
url=<HTTPS base URL>
TLSCa=<CA name for TLS server trust>
caname=<EST CA name on SNS side>
[alias=<alias>] EST alias if server provides multiple CAs
[bindaddr=<host or IP>]
[bindport=<port>]
[login=<login>]
[password=<password>] : HTTPS basic credentials
[keytype=<RSA|SECP|Brainpool>]
[keysize=<key size>]
[renew=<cert name>]
[type=<server|user|smartcard>] server by default.
[UPN=<userPrincipalName>]
[ALTNAMES=<list of ip or fqdn name separated by ;>]
[name=<Desired cert name on SNS side>]
[CN=<name>] : required on creation. Optional for renewal
[C=<country>]
[ST=<state>]
[L=<locality>]
[O=<organisation>]
[OU=<unit>]
[E=<email>]
[UA=<unstructuredAddress>]
[UN=<unstructuredName>]
[S=<serial>]
[tpm=<none|ondisk>]
Valid sizes are:
RSA: 1024 1536 2048 4096
SECP: 256 384 521
Brainpool: 256 384 512
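A pre-flight check for the arguments listed above, written as an added example (not code from the SNS documentation or firmware). It checks the required parameters, the CN-on-creation rule and the keytype/keysize table, then renders the command line. The function names, the 2048-bit RSA floor and the refusal of values containing a double quote are assumptions of this example.

```python
# Added example: validate PKI EST QUERY arguments before sending them.
# Parameter names and valid sizes come from the Usage section above.
VALID_SIZES = {
    "RSA": {"1024", "1536", "2048", "4096"},
    "SECP": {"256", "384", "521"},
    "BRAINPOOL": {"256", "384", "512"},
}
REQUIRED = ("url", "TLSCa", "caname")
MIN_RSA_BITS = 2048  # assumption: local policy floor, not an SNS rule


def check_est_query(params):
    """Return a list of problems; an empty list means the arguments pass."""
    problems = []
    for key in REQUIRED:
        if not params.get(key):
            problems.append(f"missing required parameter {key}")
    if params.get("url") and not params["url"].lower().startswith("https://"):
        problems.append("url must be an HTTPS base URL")
    # CN is required on creation, optional when renew=<cert name> is given.
    if "renew" not in params and not params.get("CN"):
        problems.append("CN is required when creating a certificate")
    keytype = params.get("keytype")
    if keytype is not None:
        sizes = VALID_SIZES.get(keytype.upper())
        if sizes is None:
            problems.append(f"unknown keytype {keytype}")
        elif "keysize" in params:
            size = str(params["keysize"])
            if size not in sizes:
                problems.append(f"keysize {size} is not valid for {keytype}")
            elif keytype.upper() == "RSA" and int(size) < MIN_RSA_BITS:
                problems.append(f"RSA {size} is below the {MIN_RSA_BITS}-bit policy floor")
    return problems


def build_est_query(params):
    """Render the command line, double-quoting values that contain spaces."""
    problems = check_est_query(params)
    if problems:
        raise ValueError("; ".join(problems))
    parts = ["PKI EST QUERY"]
    for key, value in params.items():
        value = str(value)
        if '"' in value:  # escaping rules are not documented on this page
            raise ValueError(f"{key}: value contains a double quote")
        parts.append(f'{key}="{value}"' if " " in value else f"{key}={value}")
    return " ".join(parts)
```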
Format
section
Returns
In case of success:
101 code=00a01000 msg="Begin" format="section"
[Result]
status=SUCCESS
name="<certificate name>"
100 code=00200800 msg="Certificate signed successfully"
110 code=02c02600 msg="Duplicated names"
In case of error (example):
200 code=02c06700 msg="EST server does not respond correctly"