EST Enrollment
- Add Authentication Certificate and Key in the location
- Generate CSR in the location using OpenSSL
Eg: openssl genrsa -out enrollment.key 2048 && openssl req -new -key enrollment.key
- Initiate GetCACert Request using curl
- curl --cert <auth_cert> --key <auth_key> https://<ip>:<port>/.well-known/est/cacerts -o <output_ca_p7>
Convert received p7 certificate to PEM using openssl
- openssl base64 -d -in <output_ca_p7> | openssl pkcs7 -inform DER -outform PEM -print_certs -out <output_ca_cert_pem>
Example- curl --cert est_auth.crt --key est_auth.key --cacert 192-168-96-22.pem https://192.168.66.50:5301/.well-known/est/cacerts -o cacerts.p7
Convert received p7 certificate to PEM using openssl
- openssl base64 -d -in cacerts.p7 | openssl pkcs7 -inform DER -outform PEM -print_certs -out cacerts.pem
- Initiate Enrollment Request
- curl -k --cert <auth_cert> --key <auth_key> <simpleenroll_url> --data-binary @<csr_file> -H "Content-Type: application/pkcs10" -o <signed_cert.p7>
Convert signed p7 certificate to PEM using openssl
- openssl base64 -d -in <signed_cert.p7> | openssl pkcs7 -inform DER -outform PEM -print_certs -out <signed_cert.pem>
Example- curl -k --cert est_auth.crt --key est_auth.key https://<ip>:<port>/.well-known/est/simpleenroll --data-binary @<csrfile.csr> -H "Content-Type: application/pkcs10" -o output.p7
Convert received p7 certificate to PEM using openssl
- openssl base64 -d -in output.p7 -out output.decode && openssl pkcs7 -inform DER -outform PEM -in output.decode -print_certs -out est_signed.pem
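A check worth running on the enrollment result, since the enrollment command above uses curl -k and so does not verify the server certificate: confirm that the returned certificate carries the public key of the enrollment key and chains to the CA obtained from cacerts. This is an added example, not part of the original procedure; the function names are hypothetical, and the CA, key and PKCS#7 response are constructed locally so it runs without an EST server.

```shell
#!/bin/sh
# Added example: checks to run on the enrollment result before deploying it.

# Decode a base64 PKCS#7 EST response into PEM, as in the conversion steps above.
est_p7_to_pem() {  # usage: est_p7_to_pem <response.p7> <out.pem>
    openssl base64 -d -in "$1" |
        openssl pkcs7 -inform DER -outform PEM -print_certs -out "$2"
}

# Succeed only if <cert.pem> carries the public key of <key> and chains to <ca.pem>.
est_check_issued() {  # usage: est_check_issued <cert.pem> <key> <ca.pem>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate does not match the enrollment key" >&2; return 1; }
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
        { echo "certificate does not chain to the CA bundle" >&2; return 1; }
}

# Constructed stand-in for the EST server so the checks run offline:
# a throwaway CA plays /cacerts, and a locally signed PKCS#7 plays /simpleenroll.
est_demo() {  # usage: est_demo <empty working directory>
    d=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Constructed Test CA' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' > "$d/c.cnf"
    openssl req -x509 -new -config "$d/c.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/ca.key" -out "$d/ca.pem" -days 1 2>/dev/null || return 1
    openssl genrsa -out "$d/enrollment.key" 2048 2>/dev/null || return 1
    openssl req -new -config "$d/c.cnf" -key "$d/enrollment.key" \
        -subj "/CN=constructed-device" -out "$d/enrollment.csr" || return 1
    openssl x509 -req -in "$d/enrollment.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/issued.pem" 2>/dev/null || return 1
    openssl crl2pkcs7 -nocrl -certfile "$d/issued.pem" -outform DER |
        openssl base64 -out "$d/output.p7" || return 1
    est_p7_to_pem "$d/output.p7" "$d/est_signed.pem" || return 1
    est_check_issued "$d/est_signed.pem" "$d/enrollment.key" "$d/ca.pem"
}

est_demo "$(mktemp -d)" && echo "issued certificate matches key and CA"
```

Against a real server, call est_check_issued with est_signed.pem, enrollment.key and cacerts.pem from the steps above.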