Function post_serverkeygen 

pub async fn post_serverkeygen(
    auth: EstAuth,
    label: LabelExtractor,
    __arg2: State<Arc<AppState>>,
    body: Bytes,
) -> Result<Response, KipukaError>

POST /.well-known/est/serverkeygen

Accepts a PKCS#10 CSR (with placeholder key or desired attributes) and returns a multipart response with the issued certificate and the server-generated private key.

§Authentication

Requires mTLS or OTP authentication (RHELBU-3536 R27).

§Request

| Header | Value |
|---|---|
| Content-Type | application/pkcs10 |
| Body | Base64-encoded DER PKCS#10 CSR |

The CSR may contain a placeholder public key; the server replaces it with the generated key pair. The CSR’s requested subject and extensions are used as a template for the issued certificate.

§Response

| Header | Value |
|---|---|
| Status | 200 OK |
| Content-Type | multipart/mixed; boundary=... |

Response body parts:

--estServerKeyGenBoundary
Content-Type: application/pkcs7-mime; smime-type=certs-only
Content-Transfer-Encoding: base64

<base64 PKCS#7 certificate>
--estServerKeyGenBoundary
Content-Type: application/pkcs8
Content-Transfer-Encoding: base64

<base64 PKCS#8 private key>
--estServerKeyGenBoundary--
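
A client has to split this body on the boundary and confirm that exactly one certificate part and one private key part arrived, both base64-encoded, before using the key. The Rust function below is an added example, not Kipuka's own code; `parse_serverkeygen`, `KeygenParts` and `SAMPLE` are hypothetical names, and the sample body is constructed with placeholder payloads.

```rust
// Added example, not Kipuka code: client-side check of the serverkeygen response.
#[derive(Debug, PartialEq)]
pub struct KeygenParts {
    pub pkcs7_b64: String, // certs-only PKCS#7, still base64
    pub pkcs8_b64: String, // PKCS#8 private key, still base64
}
/// `boundary` is the value from the response's Content-Type header.
pub fn parse_serverkeygen(body: &str, boundary: &str) -> Result<KeygenParts, String> {
    let delim = format!("--{boundary}");
    // A missing close delimiter means the body was truncated.
    let end = body.find(&format!("{delim}--")).ok_or("missing close delimiter")?;
    let (mut cert, mut key): (Option<String>, Option<String>) = (None, None);
    // skip(1) drops any preamble before the first delimiter.
    for part in body[..end].split(delim.as_str()).skip(1) {
        let part = part.replace("\r\n", "\n");
        let (headers, payload) = part
            .trim_start_matches('\n')
            .split_once("\n\n")
            .ok_or("part has no blank line after its headers")?;
        let headers = headers.to_ascii_lowercase();
        if !headers.contains("content-transfer-encoding: base64") {
            return Err("part is not base64 encoded".into());
        }
        let slot = if headers.contains("content-type: application/pkcs7-mime") {
            &mut cert
        } else if headers.contains("content-type: application/pkcs8") {
            &mut key
        } else {
            return Err("unexpected part content type".into());
        };
        // Join wrapped base64 lines; reject a repeated part.
        if slot.replace(payload.split_whitespace().collect::<String>()).is_some() {
            return Err("duplicate part".into());
        }
    }
    Ok(KeygenParts {
        pkcs7_b64: cert.ok_or("no certificate part")?,
        pkcs8_b64: key.ok_or("no private key part")?,
    })
}

// Constructed sample body; the payloads are placeholders, not real DER.
pub const SAMPLE: &str = "--estServerKeyGenBoundary\r\nContent-Type: application/pkcs7-mime; smime-type=certs-only\r\nContent-Transfer-Encoding: base64\r\n\r\nTUlJ\r\nQ0VS\r\n--estServerKeyGenBoundary\r\nContent-Type: application/pkcs8\r\nContent-Transfer-Encoding: base64\r\n\r\nTUlJS0VZ\r\n--estServerKeyGenBoundary--\r\n";

fn main() {
    let parts = parse_serverkeygen(SAMPLE, "estServerKeyGenBoundary").unwrap();
    println!("cert: {} chars, key: {} chars", parts.pkcs7_b64.len(), parts.pkcs8_b64.len());
}
```

The returned strings are still base64; decode them with a base64 library, and keep the PKCS#8 value out of logs and error messages.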

§Errors

  • 400 Bad Request — malformed CSR
  • 401 Unauthorized — authentication failed
  • 403 Forbidden — serverkeygen not enabled
  • 500 Internal Server Error — key generation or CA signing failure
  • 503 Service Unavailable — HSM offline