Install Now
estserver - example EST server application using OpenSSL CA
Contents
Copyright & License
Copyright (c) 2012-2018 Cisco Systems, Inc. All rights reserved.
License (BSD-3-Clause):
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
Neither the name of the Cisco Systems, Inc. nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
Name
estserver - example EST server application using OpenSSL CA
Options
-v
Verbose operation
-cfile
PEM file to use for server cert
-kfile
PEM file to use for server key
-rvalue
HTTP realm to present to clients. Max is 32 characters.
-l
Enable CRL checks
-t
Enable check for binding client PoP to the TLS UID
-mseconds
Simulate manual CA enrollment
-n
Disable HTTP authentication (TLS client auth required)
-o
Disable HTTP authentication when TLS client auth succeeds
-h
Use HTTP Digest auth instead of Basic auth
-b
Use HTTP Basic auth. Causes explicit call to set Basic auth
-pnum
TCP port number to listen on
-dseconds
Sleep timer to auto-shut the server
-f
Runs EST Server in FIPS MODE = ON
-6
Enable IPv6
-w
Dump the CSR to '/tmp/csr.p10' allowing for manual attribute capture on server
-?
Print this help message and exit
--keypass_stdin
Specify en-/decryption of private key, password read from STDIN
--keypass_arg
Specify en-/decryption of private key, password read from argument
--srpfile
Enable TLS-SRP authentication of client using the specified SRP parameters file
--enforce-csr
Enable CSR attributes enforcement. The client must provide all the attributes in the CSR.
--tokenvalue
Use HTTP Bearer Token auth.
--enhcd_cert_auth
Enable Enhanced Certificate Auth mode
--enhcd_cert_local_nidnid
Sets the local PKI domain subject field NID to grab from the peer cert. If not set the commonName NID
will be used
--cert_auth_ah_pwdvalue
Specify the auth header password to use in Enhanced Certificate Auth mode
--cert_auth_csr_check_on
Enable the CSR check during Enhanced Cert Auth
--enhcd_cert_mfg_namename
Sets name of the manufacturer to be registered This name is required when registering a manufacturer
--enhcd_cert_mfg_truststorefile
Specifies a truststore file for an Enhanced Certificate Auth manufacturer to select the subject field
based upon. This truststore is required when registering a manufacturer
--enhcd_cert_mfg_nidnid
Sets the subject field NID to grab from the peer cert when that cert came from the manufacturer. If
not set the commonName NID will be used
--enable-brski
Enable BRSKI bootstrapping support.
--perf-timers-on
Enable the performance timers in server
PNG Icons