logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

estproxy - example EST proxy application acting as an RA

Author

       This manpage is based on estproxy's usage output and the included documentation. It was written  for  the
       Debian project by Christoph Biedl <debian.axhn@manchmal.in-ulm.de> but may be used by others.

libEST 3.2.0                                       2024-07-28                                        estproxy(1)

Name

       estproxy - example EST proxy application acting as an RA

Options

-v
           Verbose operation

       -n
           Disable HTTP authentication

       -h
           Use HTTP Digest auth instead of Basic auth

       -t
           Enable PoP check of TLS UID

       -cfile
           PEM file to use for server cert

       -kfile
           PEM file to use for server key

       -sserver
           Upstream server IP address

       -pport#
           Upstream server TCP port#

       -lport#
           Downstream client TCP port# to listen on

       -rvalue
           HTTP realm to present to clients

       -dseconds
           Sleep timer to auto-shut the server

       -f
           Runs EST Proxy in FIPS MODE = ON

       -6
           Enable IPv6

       -wcount
           Timeout in seconds to wait for server response (default=10)

       --srpfile
           Enable TLS-SRP authentication of client using the specified SRP parameters file

       --enhcd_cert_auth
           Enable Enhanced Certificate Auth mode

       --cert_auth_ah_pwdvalue
           Specify the auth header password to use in Enhanced Certificate Auth mode

       --cert_auth_csr_check_on
           Enable the CSR check during Enhanced Cert Auth

       --enhcd_cert_local_nidnid
           Sets the local PKI domain subject field NID to grab from the peer cert. If not set the commonName NID
           will be used

       --enhcd_cert_mfg_namename
           Sets name of the manufacturer to be registered This name is required when registering a manufacturer

       --enhcd_cert_mfg_truststorefile
           Specifies a truststore file for an Enhanced Certificate Auth manufacturer to select the subject filed
           based upon. This truststore is required when registering a manufacturer

       --enhcd_cert_mfg_nidnid
           Sets  the  subject field NID to grab from the peer cert when that cert came from the manufacturer. If
           not set the commonName NID will be used

       --path-segvalue
           Sets the value of the path segment to be injected into the proxy context

       --perf-timers-on
           Enable the performance timers in proxy

See Also