est_proxy is a development project to create an EST protocol proxy. The main intention is to provide EST enrollment services on CA servers which do not support this protocol. It consists of two libraries:
- est_proxy/*.py - a bunch of classes implementing EST server functionality based on RFC 7030
- ca_handler.py - interface towards the CA server. This library is intended to be modular, so that adaptation to other CA servers should be straightforward. As of today the following handlers are available:
For more up-to-date information and further documentation, please visit the project's home page at: https://github.com/grindsa/est_proxy
Release notes and ChangeLog can be found at https://github.com/grindsa/est_proxy/releases
The following EST clients are used for regular testing of server functionality
Other clients are on my list for later testing. In case you are bored, feel free to test other client implementations and raise issues if something does not work as expected.
Command-line parameters used for testing
I am not a professional developer. Keep this in mind while laughing about my code and don’t forget to send patches.
As of today, est_proxy supports the below authentication functions of RFC 7030:
- Certificate TLS Authentication (Section 2.2.1)
The following call-flows are supported:
- Distribution of CA Certificates (cacerts) (Section 4.1)
- Simple Enrollment of Clients (simpleenroll) (Section 4.2.1)
- Simple Re-enrollment of Clients (simplereenroll) (Section 4.2.2)
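
The three call-flows above use fixed request shapes defined by RFC 7030, and certificate TLS authentication means the client presents its own certificate during the handshake. The following client-side code is an added example, not part of est_proxy; the function names are hypothetical, and host, port and file paths are supplied by the caller.

```python
import base64
import http.client
import ssl

EST_PREFIX = "/.well-known/est"  # well-known path prefix from RFC 7030

# Only the call-flows listed above: operation -> (HTTP method, request Content-Type)
OPERATIONS = {
    "cacerts": ("GET", None),
    "simpleenroll": ("POST", "application/pkcs10"),
    "simplereenroll": ("POST", "application/pkcs10"),
}


def build_request(operation, csr_der=None):
    """Return (method, path, headers, body) for one EST operation."""
    if operation not in OPERATIONS:
        raise ValueError(f"unsupported EST operation: {operation}")
    method, content_type = OPERATIONS[operation]
    headers, body = {"Accept": "*/*"}, None
    if method == "POST":
        if not csr_der:
            raise ValueError(f"{operation} needs a DER-encoded PKCS#10 CSR")
        # RFC 7030 Section 4.2.1: the CSR is sent base64-encoded
        body = base64.encodebytes(csr_der)
        headers["Content-Type"] = content_type
        headers["Content-Transfer-Encoding"] = "base64"
    return method, f"{EST_PREFIX}/{operation}", headers, body


def decode_response(status, content_type, body):
    """Return the DER PKCS#7 (certs-only) payload of a successful reply."""
    if status != 200:
        raise RuntimeError(f"EST server answered HTTP {status}")
    if not content_type.lower().startswith("application/pkcs7-mime"):
        raise RuntimeError(f"unexpected Content-Type: {content_type}")
    return base64.b64decode(body)  # line breaks in the body are ignored


def est_call(host, port, operation, ca_file, cert_file, key_file, csr_der=None):
    """Run one operation with certificate TLS authentication (Section 2.2.1)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verify the EST server
    ctx.load_cert_chain(cert_file, key_file)          # present the client certificate
    method, path, headers, body = build_request(operation, csr_der)
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request(method, path, body=body, headers=headers)
        resp = conn.getresponse()
        return decode_response(resp.status, resp.getheader("Content-Type", ""), resp.read())
    finally:
        conn.close()
```

For simplereenroll the certificate passed as `cert_file` is the one being renewed, so the server can tie the request to the existing identity.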
Additional functionality will be added over time. If you are badly missing a certain feature please raise an issue to let me know.
The fastest and most convenient way to install est_proxy is to use docker containers. There are ready-made images available at dockerhub and ghcr.io as well as instructions to build your own container.
A manual installation procedure will be added at a later stage of the project.
Please read CONTRIBUTING.md for details on my code of conduct, and the process for submitting pull requests. Please note that I have a life besides programming. Thus, expect a delay in answering.
I use SemVer for versioning. For the versions available, see the tags on this repository.
This project is licensed under the GPLv3 - see the LICENSE file for details