Hello,
As far as I can see, the only possibility to use the simplereenroll endpoint of an EST server (as specified in section 4.2.2 of RFC 7030) is through the est_client_reenroll API function.
This function calls X509_check_private_key to check that the passed private key belongs to the passed certificate, which prevents passing a new private key to perform a "rekey" operation as specified in section 4.2.2 of RFC 7030.
I already saw the similar issue #90, but the solution to use the simpleenroll endpoint might not be applicable, if for example the EST server provider doesn't provide the same authentication and/or check mechanisms in the simpleenroll endpoint as in the simplereenroll endpoint.