trustedge certificate est

  2 minute read  

| Usage | trustedge certificate est [options] | | Description | Uses EST for certificate enrollment, renewal, and key rekeying. |

Overview

TrustEdge certificate tool provides functionality for certificate enrollment, renewal, and key rekeying using Enrollment over Secure Transport (EST).

Examples

TrustEdge certificate EST help (–help)

To view usage details and available options for TrustEdge certificate EST, use the --help option:

trustedge certificate est --help

Download CA certificates with a custom prefix

trustedge certificate est getcacerts --estc-server-dn clientauth.demo.one.digicert.com \
  --estc-server-url /.well-known/est/<enrollment_profile_id>/cacerts --estc-cacerts-alias estca \
  --estc-pass <est_passcode>

Command breakdown:

  • getcacerts Invokes the EST CA certificate retrieval operation.
  • --estc-server-dn clientauth.demo.one.digicert.com Specifies the EST server’s distinguished name.
  • --estc-server-url /.well-known/est/<enrollment_profile_id>/cacerts Sets the URL endpoint for downloading CA certificates.
  • --estc-cacerts-alias estca Specifies a custom alias prefix for the CA certificates.
  • --estc-pass <est_passcode> Provides the EST passcode for authentication.

Enroll an ECC key

trustedge certificate est --algorithm ECC --curve P256 --estc-server-dn clientauth.demo.one.digicert.com \
  --estc-server-url /.well-known/est/<enrollment_profile_id>/simpleenroll --estc-pass <est_passcode> \
  --csr-conf sample_est_csr.cnf --key-alias myEstECCKey

Command breakdown:

  • --algorithm ECC Specifies the cryptographic algorithm to use, here ECC.
  • --curve P256 Indicates the ECC curve to be used, which is P256.
  • --estc-server-dn clientauth.demo.one.digicert.com Defines the EST server’s distinguished name.
  • --estc-server-url /.well-known/est/<enrollment_profile_id>/simpleenroll Sets the URL endpoint for certificate enrollment.
  • --estc-pass <est_passcode> Provides the EST passcode for authentication.
  • --csr-conf sample_est_csr.cnf Points to the CSR configuration file containing certificate details.
  • --key-alias myEstECCKey Assigns a custom alias for storing the generated key and certificate.

Renew an ECC key

trustedge certificate est --algorithm ECC --curve P256 --estc-server-dn clientauth.demo.one.digicert.com \
  --estc-server-url /.well-known/est/<enrollment_profile_id>/simplereenroll --estc-pass <est_passcode> \
  --csr-conf sample_est_csr.cnf --key-alias myEstECCKey

Command breakdown:

  • --algorithm ECC Specifies the cryptographic algorithm to use, here ECC.
  • --curve P256 Indicates the ECC curve to be used, which is P256.
  • --estc-server-dn clientauth.demo.one.digicert.com Defines the EST server’s distinguished name.
  • --estc-server-url /.well-known/est/<enrollment_profile_id>/simplereenroll Sets the URL endpoint for certificate renewal.
  • --estc-pass <est_passcode> Provides the EST passcode for authentication.
  • --csr-conf sample_est_csr.cnf Points to the CSR configuration file containing certificate renewal details.
  • --key-alias myEstECCKey Identifies the key alias for the certificate being renewed.