table of contents
| estclient(1) | libEST Documentation | estclient(1) |
NAME¶
estclient - example EST client application using the granular API
OPTIONS¶
-v
Verbose operation
-g
Get CA certificate from EST server
-e
Enroll with EST server and request a cert
-q
Enroll with EST server and request a cert and a
server-side generated private key
-a
Get CSR attributes from EST server
-z
Force binding the PoP by including the challengePassword
in the CSR
-r
Re-enroll with EST server and request a cert, must use -c
option
-c certfile
Identity certificate to use for the TLS session
-k keyfile
Use with -c option to specify private key for the
identity cert
-x keyfile
Use existing private key in the given file for signing
the CSR
-y csrfile
Use existing CSR in the given file
-s server
Enrollment server IP address
-p port
TCP port number for enrollment server
-o dir
Directory where pkcs7 certs will be written
-i count
Number of enrollments to perform per thread
(default=1)
-w count
Timeout in seconds to wait for server response
(default=10)
-f
Runs EST Client in FIPS MODE = ON
-u string
Specify user name for HTTP authentication.
-h string
Specify password for HTTP authentication.
-?
Print this help message and exit.
--keypass_stdin
Specify en-/decryption of private key, password read from
STDIN
--keypass_arg
Specify en-/decryption of private key, password read from
argument
--common-name string
Specify the common name to use in the Suject Name field
of the new certificate. 127.0.0.1 will be used if this option is not
specified
--pem-output
Convert the new certificate to PEM format
--srp
Enable TLS-SRP cipher suites. Use with --srp-user and
--srp-password options.
--srp-user string
Specify the SRP user name.
--srp-password string
Specify the SRP password.
--auth-token string
Specify the token to be used with HTTP token
authentication.
--path-seg string
Specify the optional path segment to use in the
URI.
--proxy-server string
Proxy server to enable SOCK/HTTP proxy mode.
--proxy-port port
Proxy port number. Must include proxy-server.
--proxy-proto EST_CLIENT_PROXY_PROTO
Proxy protocol.
--proxy-auth BASIC|NTLM
Proxy authentication method.
--proxy-username string
username to pass to proxy server.
--proxy-password string
password to pass to proxy server.
COPYRIGHT & LICENSE¶
Copyright (c) 2012-2018 Cisco Systems, Inc. All rights reserved.
License (BSD-3-Clause):
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution. Neither the name of the Cisco Systems, Inc. nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
AUTHOR¶
This manpage is based on estclient's usage output and the included documentation. It was written for the Debian project by Christoph Biedl <debian.axhn@manchmal.in-ulm.de> but may be used by others.
| 2024-07-28 | libEST 3.2.0 |