pub async fn post_simpleenroll(
auth: EstAuth,
label: LabelExtractor,
__arg2: State<Arc<AppState>>,
body: Bytes,
) -> Result<Response, KipukaError>Expand description
POST /.well-known/est/simpleenroll
Accepts a PKCS#10 CSR (base64-encoded) and returns a PKCS#7 certs-only response containing the issued certificate.
§Authentication
Requires one of:
- mTLS client certificate (validated against EST truststore)
- HTTP Basic with OTP (entity-id as username, OTP as password)
§Request
| Header | Value |
|---|---|
| Content-Type | application/pkcs10 |
| Body | Base64-encoded DER PKCS#10 CSR |
§Response
| Header | Value |
|---|---|
| Status | 200 OK or 202 Accepted |
| Content-Type | application/pkcs7-mime; smime-type=certs-only |
| Retry-After | (present only with 202) |
§Errors
400 Bad Request— malformed CSR, invalid base64, self-signature failure401 Unauthorized— authentication failed415 Unsupported Media Type— wrong Content-Type500 Internal Server Error— CA signing failure503 Service Unavailable— CA backend unavailable (with Retry-After)