Issues a new certificate for authenticating in CA Gateway (see evactl enroll for how to generate the first certificate).

evactl reenroll -l <ca_label> -u <url> [-c <tls_ca_path>] [-i <cert_id>]

For example:

$ sudo ./evactl reenroll -u https://mycagateway.example.com:9443/.well-known/est/intcagwidp/simplereenroll -l intcagwidp

See below for a description of each option.

Run this command before the current certificate expires.

-c <tls_ca_path>

Validate the TLS server certificate of CA Gateway with <tls_ca_path>, where <tls_ca_path> is the path of a CA file in PEM format.

Mandatory: No. When omitting this option, the command uses the CA configured in TLS CA certificate.

-i <cert_id>

Authenticate in CA Gateway with the <cert_id> certificate, where <cert_id> is a certificate identifier.

Run the evactl list-certs command to list the available certificate identifiers.

Mandatory: No. This optional parameter defaults to the latest client certificate imported as explained in Importing the CA Gateway client certificate.

Run the evactl list-certs command to check the latest imported certificate.

-l <ca_label>

Use the <ca_label> CA, where <ca_label> is the label of a CA in the End Entity Enrollment server of CA Gateway.

Mandatory: Yes.

-u <url>

Select the End Entity Enrollment server of CA Gateway exposed in the <url> URL.

Mandatory: Yes.
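
Because reenroll must run before the current certificate expires, a scheduled job can check the remaining validity and call it only inside a renewal window. The script below is an added example, not part of evactl or of this product's documentation. It assumes openssl is installed and that a PEM copy of the current client certificate exists at the path you pass in and is refreshed after each re-enrollment; that path and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: the PEM path passed as the first
# argument is a copy of the current client certificate (hypothetical location).

EVACTL="${EVACTL:-./evactl}"   # evactl binary; run with the privileges it needs

# cert_due_for_renewal <pem_file> <days>
# 0 = expires within <days> days (or already expired), 1 = not yet due,
# 2 = file missing or not a parseable certificate.
cert_due_for_renewal() {
    pem=$1
    days=$2
    [ -r "$pem" ] || return 2
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || return 2
    # -checkend exits 0 when the certificate is still valid after N seconds.
    if openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# reenroll_if_due <pem_file> <days> <url> <ca_label> [tls_ca_path]
# Runs "evactl reenroll" only when the certificate is inside the renewal window.
reenroll_if_due() {
    pem=$1; days=$2; url=$3; label=$4; tls_ca=${5:-}
    rc=0
    cert_due_for_renewal "$pem" "$days" || rc=$?
    case $rc in
        1) echo "certificate valid for more than $days days, nothing to do"
           return 0 ;;
        2) echo "cannot read certificate: $pem" >&2
           return 2 ;;
    esac
    if [ -n "$tls_ca" ]; then
        # Pin the CA used to validate the CA Gateway TLS server certificate.
        "$EVACTL" reenroll -l "$label" -u "$url" -c "$tls_ca"
    else
        # Without -c, evactl uses the CA configured in "TLS CA certificate".
        "$EVACTL" reenroll -l "$label" -u "$url"
    fi
}

# Stand-alone use: reenroll-check.sh <pem_file> <days> <url> <ca_label> [tls_ca_path]
if [ "$#" -ge 4 ]; then
    reenroll_if_due "$@"
fi
```

An exit status of 2 means the certificate copy could not be read, which is worth alerting on, since the job can no longer tell how close expiry is.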