How to Request an EST challenge

This section details how to obtain an EST challenge.

1. Log in to the Horizon Registration Authority Interface.

2. Access Request an EST Challenge from the drawer.

You must have the permission to request an EST challenge on at least one EST profile.

Profile tab

1. Select the EST profile.

2. Click on the next button.

Metadata tab

1. Fill in all the mandatory fields:

  • Labels (string):
    The labels are used for permission, email and request search.

  • Contact email address (string, email format):
    Used if an email notification is set. An email can be sent each time the request status changes (see request lifecycle).

  • Requester comment (string):
    This comment appears:

    • to the approver when your request is in the pending status

    • in the certificate information after the enrollment

2. Click on the next button.

Summary

If you have the enrolling permission on the EST profile:

1. Click on the Retrieve challenge button.

If you have the "request" permission on the EST profile:

1. Click on the request button.

You must wait until an operator approves your request and its status is 'completed' before you can use your EST challenge.

2. Click on View Request.

You now have access to your EST challenge.

You can cancel your request at any time, as long as the request status is pending, by clicking on the cancel request button.

How to enroll using EST

This section details how to enroll using the Horizon Client (horizon-cli). It is also possible to use another EST client implementation, as long as it complies with RFC 7030.

Prerequisites

You need the horizon-cli tools.

Enroll with Horizon Client

1. Set the Horizon root endpoint

export ENDPOINT=https://<horizon_url>

The endpoint can instead be set in the horizon-cli configuration file.

2. Enroll with horizon-cli

horizon-cli est --enroll <your_challenge> --profile <est_profile> --key <link_to_the_privatekey> --cn <certificate_cn> --cert <name_of_the_output_certificate>

If the enrollment succeeds, the challenge is no longer usable, as it is a one-time password.
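
After a successful enrollment, it is worth confirming that the certificate written to --cert belongs to the private key given as --key and carries the CN requested with --cn. The shell functions below are an added example, not part of horizon-cli or of the Horizon documentation; they assume both files are PEM-encoded and that openssl is installed, and the names verify_enrollment and make_constructed_pair are hypothetical.

```shell
#!/bin/sh
# Added example, not part of horizon-cli. Assumes --key and --cert are PEM files.

# verify_enrollment KEY CERT CN: returns 0 only if every check passes.
verify_enrollment() {
    key=$1 cert=$2 cn=$3

    # 1. The private key must not be accessible by group or others.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key is group/world accessible" >&2; return 1; }

    # 2. The certificate must carry the public key of our private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ] || { echo "certificate does not match key" >&2; return 1; }

    # 3. The subject CN must be the one requested with --cn.
    got_cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p' | head -n 1)
    [ "$got_cn" = "$cn" ] || { echo "unexpected CN: $got_cn" >&2; return 1; }

    # 4. The certificate must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate is expired" >&2; return 1; }
}

# Constructed stand-in for an issued certificate (self-signed, 1 day),
# used only so the checks can be exercised offline.
make_constructed_pair() {
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
          -keyout "$1/device.key" -out "$1/device.pem" 2>/dev/null )
}
```

Call it with the same values passed to horizon-cli, for example verify_enrollment <link_to_the_privatekey> <name_of_the_output_certificate> <certificate_cn>.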