Module cms_est

CMS-wrapped EST endpoints (RFC 8295).

These endpoints accept EST requests wrapped in CMS SignedData for authentication and return responses wrapped in CMS EnvelopedData for confidentiality. This enables EST over plain HTTP when a TLS-terminating proxy strips the TLS layer.

RFC 8295 §4: All EST operations are supported with CMS wrapping. The Content-Type for all requests and responses is application/pkcs7-mime.

Route structure

/.well-known/est/cms/
    simpleenroll     POST (§4.2 + CMS wrapping)
    simplereenroll   POST (§4.2.2 + CMS wrapping)
    serverkeygen     POST (§4.4 + CMS wrapping)
    fullcmc          POST (§4.3 + CMS wrapping)
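
A pre-check that a handler for these routes could run before signature verification, shown as an added example rather than this crate's own code: it classifies a body by the outer CMS ContentInfo OID, so a request that is not SignedData can be rejected early. `CmsKind`, `cms_kind` and `sample` are hypothetical names, and the input is assumed to be already-decoded DER.

```rust
#[derive(Debug, PartialEq)]
pub enum CmsKind { SignedData, EnvelopedData, Other }

// DER content bytes of OID 1.2.840.113549.1.7.x (RFC 5652), minus the final arc.
const PKCS7_PREFIX: [u8; 8] = [0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07];

// Read one tag/length header: (tag, content length, header length).
fn der_header(buf: &[u8]) -> Option<(u8, usize, usize)> {
    let (&tag, &first) = (buf.first()?, buf.get(1)?);
    let n = match first {
        0..=0x7F => return Some((tag, first as usize, 2)),
        0x81..=0x84 => (first & 0x7F) as usize,
        _ => return None, // indefinite (0x80) or more than 4 length bytes
    };
    let len = buf.get(2..2 + n)?.iter().fold(0usize, |a, &b| (a << 8) | b as usize);
    Some((tag, len, 2 + n))
}

// Classify a DER ContentInfo by its outer contentType OID.
pub fn cms_kind(der: &[u8]) -> Option<CmsKind> {
    let (tag, len, hdr) = der_header(der)?;
    if tag != 0x30 || hdr.checked_add(len)? != der.len() {
        return None; // not a SEQUENCE, truncated, or trailing bytes
    }
    let body = &der[hdr..];
    let (tag, len, hdr) = der_header(body)?;
    if tag != 0x06 {
        return None; // contentType must be an OBJECT IDENTIFIER
    }
    let oid = body.get(hdr..hdr.checked_add(len)?)?;
    Some(match oid.split_last() {
        Some((&2, p)) if p == &PKCS7_PREFIX[..] => CmsKind::SignedData,
        Some((&3, p)) if p == &PKCS7_PREFIX[..] => CmsKind::EnvelopedData,
        _ => CmsKind::Other,
    })
}

// Constructed sample: ContentInfo with the given final OID arc and an empty [0].
pub fn sample(last_arc: u8) -> Vec<u8> {
    let mut v = vec![0x30, 0x0D, 0x06, 0x09];
    v.extend_from_slice(&PKCS7_PREFIX);
    v.extend_from_slice(&[last_arc, 0xA0, 0x00]);
    v
}

fn main() {
    // A request body must be SignedData (2); EnvelopedData (3) belongs in responses.
    println!("{:?} {:?}", cms_kind(&sample(2)), cms_kind(&sample(3)));
}
```

The check only gates on the outer type; the SignedData signature and signer certificate still have to be verified before the wrapped EST request is trusted.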

Functions

cms_est_router
Build the CMS-EST sub-router.
post_cms_fullcmc
POST /.well-known/est/cms/fullcmc
post_cms_serverkeygen
POST /.well-known/est/cms/serverkeygen
post_cms_simpleenroll
POST /.well-known/est/cms/simpleenroll
post_cms_simplereenroll
POST /.well-known/est/cms/simplereenroll