arbitrary-label-reenrollment

Syntax

arbitrary-label-reenrollment

no arbitrary-label-reenrollment

Description

Within the EST profile context, configures the arbitrary re-enrollment label to be concatenated to the EST server URL that is configured with the url command. This label is specific to the re-enrollment operation. There is no arbitrary re-enrollment label configured by default. Any existing arbitrary re-enrollment label is replaced by this command. The use of arbitrary re-enrollment labels is optional.

When the re-enrollment label is not configured, the generic arbitrary label (created with the arbitrary-label command) is used (if configured) for re-enrollment.

RFC 7030 allows the use of arbitrary labels so that one EST server may serve multiple CAs with the same server URL that gets concatenated with different arbitrary labels. The same label is used for every request made under a particular EST profile.

Some EST schemes use arbitrary labels in a more sophisticated way, defining different labels for different types of requests under the same EST profile. For example, the CA certificate request could use the generic label (configured with the arbitrary-label command), the certificate enrollment request could use the enrollment label (configured with the arbitrary-label-enrollment command), and the re-enrollment request could use the re-enrollment label (configured with this arbitrary-label-reenrollment command). Note that only one label of each of the three available types can be configured in any EST profile.

The no form of this command removes the arbitrary re-enrollment label.

Command context

config-est-

Parameters

Specifies the arbitrary re-enrollment label. Range: Up to 64 characters.

Authority

Administrators or local user group members with execution rights for this command.

Examples

Configuring the arbitrary re-enrollment label:

switch(config)# crypto pki est-profile EST-service1
switch(config-est-EST-service1)# arbitrary-label-reenrollment ipsec-v7

Removing the arbitrary re-enrollment label:

switch(config)# crypto pki est-profile EST-service1
switch(config-est-EST-service1)# no arbitrary-label-reenrollment
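The label selection from the Description, modelled in Python as an added example (not switch code and not from the original page), so that an administrator can check which CA path each request type of a profile would reach. Assumptions: the `url` value already ends in `/.well-known/est`, the enrollment label falls back to the generic label the same way the page states for re-enrollment, and the dictionary keys and the host `est.example.com` are constructed for illustration.

```python
# RFC 7030 section 3.2.2 operation path segments; a CA label must not equal one.
EST_OPERATIONS = {"cacerts", "simpleenroll", "simplereenroll",
                  "fullcmc", "serverkeygen", "csrattrs"}
MAX_LABEL_LEN = 64  # limit stated in the Parameters section

# Label type each request type prefers (dictionary keys are hypothetical).
PREFERRED = {"cacerts": "arbitrary-label",
             "simpleenroll": "arbitrary-label-enrollment",
             "simplereenroll": "arbitrary-label-reenrollment"}


def check_label(label):
    """Apply the page's length limit, RFC 7030's ban on labels equal to an
    operation path, and an added sanity check for a single path segment."""
    if not 1 <= len(label) <= MAX_LABEL_LEN:
        raise ValueError(f"label must be 1-{MAX_LABEL_LEN} characters")
    if label in EST_OPERATIONS:
        raise ValueError(f"label {label!r} collides with an EST operation path")
    if "/" in label:
        raise ValueError("label must be a single path segment")
    return label


def effective_label(profile, operation):
    """Specific label if set, otherwise the generic one, otherwise None."""
    label = profile.get(PREFERRED[operation]) or profile.get("arbitrary-label")
    return check_label(label) if label else None


def request_urls(profile):
    """Map each request type to the URL the profile would produce."""
    base = profile["url"].rstrip("/")
    urls = {}
    for op in PREFERRED:
        label = effective_label(profile, op)
        urls[op] = "/".join(p for p in (base, label, op) if p)
    return urls


if __name__ == "__main__":
    # Constructed profile: a generic label plus the page's re-enrollment label.
    sample = {"url": "https://est.example.com/.well-known/est",
              "arbitrary-label": "ipsec-ca",
              "arbitrary-label-reenrollment": "ipsec-v7"}
    for op, url in request_urls(sample).items():
        print(f"{op:15} {url}")
```
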