URL Parameters
On the ACME, EST and SCEP protocols, EVERTRUST has designed a way to add certificate metadata such as labels, ownership and technical metadata.
This syntax works by editing the Horizon profile name to provide these metadata.
The possible items are the following:
-
team
-
owner
-
mail
-
label.<label name>
-
metadata.<technical metadata type>
These items value can be given by adding : and then the value.
These can be added to the profile name following a ~, as follows:
<profile name>~<metadata 1>,<metadata 2>
For example, to add:
-
the label
my-labelwith valuetest-label -
the owner with value
my-owner
to the following EST endpoint for profile est-profile: https://horizon.evertrust/.well-known/est/est-profile/cacerts
The new endpoint is: https://horizon.evertrust/.well-known/est/est-profile~my-label:test-label,owner:my-owner/cacerts
Base64 encoding for the metadata values is also allowed. For the above example, this would make the new name est-profile~bXktbGFiZWw6dGVzdC1sYWJlbCxvd25lcjpteS1vd25lcgo=
|
| URLs are transmitted in plaintext when using TLS versions prior to 1.3, exposing this information to potential interception |