Scroll to navigation

estproxy(1) libEST Documentation estproxy(1)

NAME

estproxy - example EST proxy application acting as an RA

OPTIONS

-v

Verbose operation

-n

Disable HTTP authentication

-h

Use HTTP Digest auth instead of Basic auth

-t

Enable PoP check of TLS UID

-c file

PEM file to use for server cert

-k file

PEM file to use for server key

-s server

Upstream server IP address

-p port#

Upstream server TCP port#

-l port#

Downstream client TCP port# to listen on

-r value

HTTP realm to present to clients

-d seconds

Sleep timer to auto-shut the server

-f

Runs EST Proxy in FIPS MODE = ON

-6

Enable IPv6

-w count

Timeout in seconds to wait for server response (default=10)

--srp file

Enable TLS-SRP authentication of client using the specified SRP parameters file

--enhcd_cert_auth

Enable Enhanced Certificate Auth mode

--cert_auth_ah_pwd value

Specify the auth header password to use in Enhanced Certificate Auth mode

--cert_auth_csr_check_on

Enable the CSR check during Enhanced Cert Auth

--enhcd_cert_local_nid nid

Sets the local PKI domain subject field NID to grab from the peer cert. If not set the commonName NID will be used

--enhcd_cert_mfg_name name

Sets name of the manufacturer to be registered This name is required when registering a manufacturer

--enhcd_cert_mfg_truststore file

Specifies a truststore file for an Enhanced Certificate Auth manufacturer to select the subject filed based upon. This truststore is required when registering a manufacturer

--enhcd_cert_mfg_nid nid

Sets the subject field NID to grab from the peer cert when that cert came from the manufacturer. If not set the commonName NID will be used

--path-seg value

Sets the value of the path segment to be injected into the proxy context

--perf-timers-on

Enable the performance timers in proxy

COPYRIGHT & LICENSE

Copyright (c) 2012-2018 Cisco Systems, Inc. All rights reserved.

License (BSD-3-Clause):

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
Redistributions of source code must retain the above copyright


  notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above


  copyright notice, this list of conditions and the following


  disclaimer in the documentation and/or other materials provided


  with the distribution.
Neither the name of the Cisco Systems, Inc. nor the names of its


  contributors may be used to endorse or promote products derived


  from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.

AUTHOR

This manpage is based on estproxy's usage output and the included documentation. It was written for the Debian project by Christoph Biedl <debian.axhn@manchmal.in-ulm.de> but may be used by others.

2024-07-28 libEST 3.2.0