arbitrary-label

Description

Within the EST profile context, configures the generic optional label (also known as arbitrary label) to be concatenated to the EST server URL that is configured with theurlcommand. There is no arbitrary label configured by default. Any existing arbitrary label is replaced by this command. The use of arbitrary labels is optional.

RFC 7030 allows the use of arbitrary labels so that one EST server may serve multiple CAs with the same server URL that gets concatenated with different arbitrary labels. The same label is used for every request made under a particular EST profile.

Some EST schemes use arbitrary labels in a more sophisticated way, defining different labels for different types of requests under the same EST profile. For example, the CA certificate request could use the generic label (configured with thisarbitrary-label外壳命令),证书登记请求d use the enrollment label (configured with thearbitrary-label-enrollmentcommand), and the re-enrollment request could use the re-enrollment label (configured with thearbitrary-label-reenrollmentcommand). Note that only one label of each of the three available types can be configured in any EST profile.

The no form of this command removes the generic arbitrary label.

Command context

config-est-

Parameters

Specifies the generic arbitrary label. Range: Up to 64 characters.

Authority

Administrators or local user group members with execution rights for this command.

Examples

Configuring the URL and generic arbitrary label. Note that with the URL and arbitrary label configured in this example, the final URL the switch uses to request CA certificates from the EST server ishttps://est-service999.com/.well-known/est/rsa2048/cacerts.

switch(config)#crypto pki est-profile EST-service1switch(config)#url https://est-service999.com/.well-known/estswitch(config-est-EST-service1)#arbitrary-label rsa2048

Removing the generic arbitrary label:

switch(config)#crypto pki est-profile EST-service1switch(config-est-EST-service1)#no arbitrary-label