PKI EST QUERY

Level

pki+modify LICENCE PKI

History

Appears in 3 10
force appears in 4 2

Description

Generate a private key locally and query a new certificate on the remote host

Implementation notes

Used by SMC, so report to them whenever it changes.
CACHE_CATEGORY pki

Example

PKI EST QUERY TLSCa="CN=ManagementCA O=EJBCA Sample C=SE" alias=ecdsa_est caname=ECDSA_EST_CA url=https://managementca:8442/ login=estuser password=estpw keytype=secp keysize=256 CN=TestEnrollSDp2561 name=TestEnrollSDp2561
PKI EST QUERY TLSCa="CN=ManagementCA O=EJBCA Sample C=SE" alias=ecdsa_est caname=ECDSA_EST_CA url=https://managementca:8443/ renew=TestEnrollSDp2561

Usage

url=<HTTPS base URL>
TLSCa=<CA name for TLS server trust>
caname=<EST CA name on SNS side>
[alias=<alias>] : EST alias if server provides multiple CAs
[bindaddr=<host or IP>]
[bindport=<port>]
[login=<login>]
[password=<password>] : HTTPS basic credentials
[keytype=<RSA|SECP|Brainpool>]
[keysize=<key size>]
[renew=<cert name>]
[type=<server|user|smartcard>] : server by default
[UPN=<userPrincipalName>]
[ALTNAMES=<list of ip or fqdn name separated by ;>]
[name=<Desired cert name on SNS side>]
[CN=<name>] : required on creation, optional for renewal
[C=<country>]
[ST=<state>]
[L=<locality>]
[O=<organisation>]
[OU=<unit>]
[E=<email>]
[UA=<unstructuredAddress>]
[UN=<unstructuredName>]
[S=<serial>]
[tpm=<none|ondisk>]
[force=<0|1>] : force request and import in DR mode even if the certificate appears not to be compliant
Valid sizes are:
RSA: 1024 1536 2048 4096
SECP: 256 384 521
Brainpool: 256 384 512
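
Pre-flight check (added example, not part of the product or its documentation): a Python sketch that parses a PKI EST QUERY line and checks it against the Usage rules above before it is sent to the appliance. The function names, the case-insensitive handling of parameter names, the RSA 2048-bit floor and the sample line are assumptions of this example.

```python
import shlex
from urllib.parse import urlparse

# Sizes copied from the "Valid sizes" table in the Usage section.
VALID_SIZES = {"rsa": {1024, 1536, 2048, 4096},
               "secp": {256, 384, 521},
               "brainpool": {256, 384, 512}}
REQUIRED = ("url", "tlsca", "caname")  # the parameters listed without [ ]

def parse_est_query(line):
    """Split a PKI EST QUERY line into {lower-cased name: value}."""
    tokens = shlex.split(line)  # keeps TLSCa="CN=... O=..." as one token
    if [t.upper() for t in tokens[:3]] != ["PKI", "EST", "QUERY"]:
        raise ValueError("not a PKI EST QUERY command")
    params = {}
    for tok in tokens[3:]:
        name, sep, value = tok.partition("=")
        if not sep or not name:
            raise ValueError(f"malformed token: {tok!r}")
        params[name.lower()] = value  # assumption: names are case-insensitive
    return params

def check_est_query(line):
    """Return a list of findings; an empty list means nothing was flagged."""
    p = parse_est_query(line)
    findings = [f"missing {name}" for name in REQUIRED if name not in p]
    if "url" in p and urlparse(p["url"]).scheme.lower() != "https":
        findings.append("url is not HTTPS")
    if "renew" not in p and "cn" not in p:
        findings.append("CN is required on creation")
    ktype = p.get("keytype", "").lower()
    if "keytype" in p and ktype not in VALID_SIZES:
        findings.append(f"unknown keytype {ktype}")
    elif "keytype" in p and "keysize" in p:
        size = p["keysize"]
        if not size.isdigit() or int(size) not in VALID_SIZES[ktype]:
            findings.append(f"keysize {size} is not valid for {ktype}")
        elif ktype == "rsa" and int(size) < 2048:
            # Local policy assumption: the command itself accepts these sizes.
            findings.append("RSA key below 2048 bits")
    return findings

# Constructed sample line, not taken from a real device.
BAD = "PKI EST QUERY url=http://est.example.test/ caname=CA1 keytype=secp keysize=512"

if __name__ == "__main__":
    for finding in check_est_query(BAD):
        print(finding)
```

Both lines in the Example section pass this check with no findings.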