You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As far as I can see, the only possibility to use the simplereenroll endpoint of an EST server (as specified in section 4.2.2 of RFC 7030) is through the est_client_reenroll API function.
This function calls X509_check_private_key to check that the passed private key belongs to the passed certificate, which prevents passing a new private key to perform a "rekey" operation as specified in section 4.2.2 of RFC 7030.
I already saw the similar issue #90, but the solution to use the simpleenroll endpoint might not be applicable, if for example the EST server provider doesn't provide the same authentication and/or check mechanisms in the simpleenroll endpoint as in the simplereenroll endpoint.
The text was updated successfully, but these errors were encountered:
Hello,
As far as I can see, the only possibility to use the
simplereenrollendpoint of an EST server (as specified in section 4.2.2 of RFC 7030) is through theest_client_reenrollAPI function.This function calls
X509_check_private_keyto check that the passed private key belongs to the passed certificate, which prevents passing a new private key to perform a "rekey" operation as specified in section 4.2.2 of RFC 7030.I already saw the similar issue #90, but the solution to use the
simpleenrollendpoint might not be applicable, if for example the EST server provider doesn't provide the same authentication and/or check mechanisms in thesimpleenrollendpoint as in thesimplereenrollendpoint.The text was updated successfully, but these errors were encountered: