cisco / libest


Need command syntax for testing Server-side Key Generation #101

Closed devan555 closed 3 years ago

devan555 commented 3 years ago

For me, enrollment works fine with both HTTP and certificate-based authentication. Below is the command I used:

./estclient -e -s 127.0.0.1 -p 8085 -c cert1.pem -k key1.pem -u estuser -h estpwd -o /tmp

But when I try the server-side key generation option, my assumption was that the request is going to be the same as simpleenroll or simplereenroll.

I tried the commands below and I am getting errors:

  1. ./estclient -q -s 127.0.0.1 -p 8085 -c cert1.pem -k key1.pem -u estuser -h estpwd -o /tmp
     Unable to read private key file

  2. Then tried giving a CSR and private key using the -x and -y options:
     ./estclient -q -s 127.0.0.1 -p 8085 -u estuser -h estpwd -x rsakey.key -y req.p10 -o /tmp
     Error: The -x option (private key for CSR) does not make sense with a pre-defined CSR

  3. Then tried giving only the CSR:
     ./estclient -q -s 127.0.0.1 -p 8085 -c cert1.pem -k key1.pem -u estuser -h estpwd -y req.p10 -o /tmp
     Server-side key generation and simple enrollment without server-defined attributes failed with code 4 (EST_ERR_NO_KEY)

Can someone help me with the exact command syntax for server side regeneration? Or should we enable something in the default libest for it to work? Any help is appreciated. Thank you.

rpb5bnc commented 3 years ago

Try providing only the identity key. For example:

./estclient -v -q -s 127.0.0.1 -p 8085 -o /tmp -u estuser -h estpwd -x ./priv_key.pem

devan555 commented 3 years ago

Thanks a lot @rpb5bnc, it worked. Sorry for the delay in response.