Expand description
POST /.well-known/est/simplereenroll — Simple Re-enrollment.
RFC 7030 §4.2.2: EST clients submit a PKCS#10 CSR to renew an existing certificate. The client MUST authenticate via mTLS by presenting the certificate being renewed.
POP linking (§3.5): the TLS client certificate subject MUST match the CSR subject, proving the client possesses the private key of the certificate being renewed.
The server additionally verifies the client certificate has not been revoked (OCSP/CRL check per RHELBU-3536 R21).
Functions§
- post_
simplereenroll POST /.well-known/est/simplereenroll