Closed brokoler closed 1 year ago
Hello @brokoler, sorry you didn't get a response sooner. The estclient was designed this way because of the specification of the EST RFC. That section of the URL, ca:<NUMBER>, can be included with this client using the -aps flag when enrolling. This is the additional path segment mentioned in RFC 7030 3.2.2. Since this is supported, I don't think a -server flag is warranted. Hopefully this solves your problem!
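How the additional path segment from RFC 7030 3.2.2 fits into an EST URL, as an added example that is not part of the thread and not estclient's own code. `BuildESTURL` is a hypothetical helper, and the host and the label `ca:1` are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Operation path segments defined by RFC 7030.
var estOperations = map[string]bool{
	"cacerts": true, "simpleenroll": true, "simplereenroll": true,
	"fullcmc": true, "serverkeygen": true, "csrattrs": true,
}

// BuildESTURL (hypothetical helper) returns
// https://<host>/.well-known/est[/<label>]/<operation>.
func BuildESTURL(host, label, operation string) (string, error) {
	if !estOperations[operation] {
		return "", fmt.Errorf("unknown EST operation %q", operation)
	}
	segments := []string{".well-known", "est"}
	if label != "" {
		// The CA label must not collide with an operation name.
		if estOperations[label] {
			return "", errors.New("label equals an EST operation path segment")
		}
		// Reject anything that would change the path structure.
		if strings.ContainsAny(label, "/?#%") || label == "." || label == ".." {
			return "", fmt.Errorf("label %q is not a single plain path segment", label)
		}
		segments = append(segments, label)
	}
	segments = append(segments, operation)
	u := url.URL{Scheme: "https", Host: host, Path: "/" + strings.Join(segments, "/")}
	return u.String(), nil
}

func main() {
	// Constructed sample values: host and label are placeholders.
	for _, label := range []string{"", "ca:1", "simpleenroll", "../admin"} {
		u, err := BuildESTURL("est.example.com:8443", label, "simpleenroll")
		fmt.Printf("label=%q url=%q err=%v\n", label, u, err)
	}
}
```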
Hello,

I'm trying to use the estclient for certificate enrollment together with an Aruba Clearpass server, which also provides an EST URL.

After installing the estclient successfully, I downloaded all required server certificates to my Linux host and tried to enroll a certificate. Since the Clearpass URL doesn't listen on
https://<EST-SERVER-IP-ADDRESS>/.well-known/est/simpleenroll
but instead listens to
https://<EST-SERVER-IP-ADDRESS>/.well-known/est/ca:<NUMBER>
it's not possible to enroll a certificate. The estclient only expects the server IP address and the listening port and appends the string
/.well-known-est-simpleenroll
automatically, so no custom paths are supported.

Feature request: