estclient - example EST client application using the granular API
Contents
Copyright & License
Copyright (c) 2012-2018 Cisco Systems, Inc. All rights reserved.
License (BSD-3-Clause):
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
Neither the name of the Cisco Systems, Inc. nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
Name
estclient - example EST client application using the granular API
Options
-v
Verbose operation
-g
Get CA certificate from EST server
-e
Enroll with EST server and request a cert
-q
Enroll with EST server and request a cert and a server-side generated private key
-a
Get CSR attributes from EST server
-z
Force binding the PoP by including the challengePassword in the CSR
-r
Re-enroll with EST server and request a cert, must use -c option
-ccertfile
Identity certificate to use for the TLS session
-kkeyfile
Use with -c option to specify private key for the identity cert
-xkeyfile
Use existing private key in the given file for signing the CSR
-ycsrfile
Use existing CSR in the given file
-sserver
Enrollment server IP address
-pport
TCP port number for enrollment server
-odir
Directory where pkcs7 certs will be written
-icount
Number of enrollments to perform per thread (default=1)
-wcount
Timeout in seconds to wait for server response (default=10)
-f
Runs EST Client in FIPS MODE = ON
-ustring
Specify user name for HTTP authentication.
-hstring
Specify password for HTTP authentication.
-?
Print this help message and exit.
--keypass_stdin
Specify en-/decryption of private key, password read from STDIN
--keypass_arg
Specify en-/decryption of private key, password read from argument
--common-namestring
Specify the common name to use in the Suject Name field of the new certificate. 127.0.0.1 will be
used if this option is not specified
--pem-output
Convert the new certificate to PEM format
--srp
Enable TLS-SRP cipher suites. Use with --srp-user and --srp-password options.
--srp-userstring
Specify the SRP user name.
--srp-passwordstring
Specify the SRP password.
--auth-tokenstring
Specify the token to be used with HTTP token authentication.
--path-segstring
Specify the optional path segment to use in the URI.
--proxy-serverstring
Proxy server to enable SOCK/HTTP proxy mode.
--proxy-portport
Proxy port number. Must include proxy-server.
--proxy-proto EST_CLIENT_PROXY_PROTO
Proxy protocol.
--proxy-auth BASIC|NTLM
Proxy authentication method.
--proxy-usernamestring
username to pass to proxy server.
--proxy-passwordstring
password to pass to proxy server.
