For me enrollment works fine with both http and Certificate based authentication
Below is the command I used:
/estclient -e -s 127.0.0.1 -p 8085 -c cert1.pem -k key1.pem -u estuser -h estpwd -o /tmp
But when I try server side key generation Option, my assumption was request is going to be same as simpleenroll or simplereenroll.
Thentried giving a csr and privatekey using -x and -y option:
./estclient -q -s 127.0.0.1 -p 8085 -u estuser -h estpwd -x rsakey.key -y req.p10 -o /tmp
Error: The -x option (private key for CSR) does not make sense with a pre-defined CSR
Then tried giving only CSR:
./estclient -q -s 127.0.0.1 -p 8085 -c cert1.pem -k key1.pem -u estuser -h estpwd -y req.p10 -o /tmp
Server-side key generation and simple enrollment without server-defined attributes failed with code 4 (EST_ERR_NO_KEY)
Can someone help me with exact command syntax for server side regeneration. Or should we enable something in the default libest to work?
Any help is appreciated. Thank You
For me enrollment works fine with both http and Certificate based authentication Below is the command I used: /estclient -e -s 127.0.0.1 -p 8085 -c cert1.pem -k key1.pem -u estuser -h estpwd -o /tmp
But when I try server side key generation Option, my assumption was request is going to be same as simpleenroll or simplereenroll.
I tired below commands and I am getting Errors
./estclient -q -s 127.0.0.1 -p 8085 -c cert1.pem -k key1.pem -u estuser -h estpwd -o /tmp Unable to read private key file
Thentried giving a csr and privatekey using -x and -y option: ./estclient -q -s 127.0.0.1 -p 8085 -u estuser -h estpwd -x rsakey.key -y req.p10 -o /tmp Error: The -x option (private key for CSR) does not make sense with a pre-defined CSR
Then tried giving only CSR: ./estclient -q -s 127.0.0.1 -p 8085 -c cert1.pem -k key1.pem -u estuser -h estpwd -y req.p10 -o /tmp Server-side key generation and simple enrollment without server-defined attributes failed with code 4 (EST_ERR_NO_KEY)
Can someone help me with exact command syntax for server side regeneration. Or should we enable something in the default libest to work? Any help is appreciated. Thank You