logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

estclient - example EST client application using the granular API

Author

       This manpage is based on estclient's usage output and the included documentation. It was written for  the
       Debian project by Christoph Biedl <debian.axhn@manchmal.in-ulm.de> but may be used by others.

libEST 3.2.0                                       2024-07-28                                       estclient(1)

Name

       estclient - example EST client application using the granular API

Options

-v
           Verbose operation

       -g
           Get CA certificate from EST server

       -e
           Enroll with EST server and request a cert

       -q
           Enroll with EST server and request a cert and a server-side generated private key

       -a
           Get CSR attributes from EST server

       -z
           Force binding the PoP by including the challengePassword in the CSR

       -r
           Re-enroll with EST server and request a cert, must use -c option

       -ccertfile
           Identity certificate to use for the TLS session

       -kkeyfile
           Use with -c option to specify private key for the identity cert

       -xkeyfile
           Use existing private key in the given file for signing the CSR

       -ycsrfile
           Use existing CSR in the given file

       -sserver
           Enrollment server IP address

       -pport
           TCP port number for enrollment server

       -odir
           Directory where pkcs7 certs will be written

       -icount
           Number of enrollments to perform per thread (default=1)

       -wcount
           Timeout in seconds to wait for server response (default=10)

       -f
           Runs EST Client in FIPS MODE = ON

       -ustring
           Specify user name for HTTP authentication.

       -hstring
           Specify password for HTTP authentication.

       -?
           Print this help message and exit.

       --keypass_stdin
           Specify en-/decryption of private key, password read from STDIN

       --keypass_arg
           Specify en-/decryption of private key, password read from argument

       --common-namestring
           Specify  the  common  name  to use in the Suject Name field of the new certificate. 127.0.0.1 will be
           used if this option is not specified

       --pem-output
           Convert the new certificate to PEM format

       --srp
           Enable TLS-SRP cipher suites.  Use with --srp-user and --srp-password options.

       --srp-userstring
           Specify the SRP user name.

       --srp-passwordstring
           Specify the SRP password.

       --auth-tokenstring
           Specify the token to be used with HTTP token authentication.

       --path-segstring
           Specify the optional path segment to use in the URI.

       --proxy-serverstring
           Proxy server to enable SOCK/HTTP proxy mode.

       --proxy-portport
           Proxy port number.  Must include proxy-server.

       --proxy-proto EST_CLIENT_PROXY_PROTO
           Proxy protocol.

       --proxy-auth BASIC|NTLM
           Proxy authentication method.

       --proxy-usernamestring
           username to pass to proxy server.

       --proxy-passwordstring
           password to pass to proxy server.

See Also