Expand description
POST /.well-known/est/serverkeygen — Server-Side Key Generation.
RFC 7030 §4.4: The EST server generates a key pair on behalf of the client, signs a certificate, and returns both the certificate and the private key.
The response is multipart/mixed containing two parts:
- Part 1:
application/pkcs7-mime; smime-type=certs-only(certificate) - Part 2:
application/pkcs8(DER-encoded private key)
RHELBU-3536 R27: Authentication (mTLS or OTP) is required. Server-side key generation requires HSM or software key generation capability per configuration.
Functions§
- post_
serverkeygen POST /.well-known/est/serverkeygen