est icon indicating copy to clipboard operation
est copied to clipboard

Published 20 hours ago verified publisher icon globalsign

Certificates required on reenrollment

Open Lukowalski97 opened this issue 5 months ago • 1 comments

During reenrollment it is required that the certificate used to authenticate, must be same as obtained during enrollment. Unfortunately it cannot work in a case when est server is communicating with client which is not using this cert directly.

E.g. when EST server is communicating with a registrar from this RFC: https://datatracker.ietf.org/doc/html/rfc9148#name-https-coaps-registrar In mentioned case Registrar cannot use certificate obtained during enrollment as it is EST client's certificate, and private key of this client is not available on Registrar.

It would be nice to disable such check by introducing some flag to config, so it could be turned off in that case.

Lukowalski97 avatar Feb 21 '24 12:02 Lukowalski97