Issues a new certificate for authenticating in CA Gateway (see evactl enroll for how to generate the first certificate).

evactl reenroll -l <ca_label> -u <url> [-c <tls_ca_path>] [-i <cert_id>]

For example:

$ sudo evactl reenroll -u https://mycagateway.example.com:9443/.well-known/est/intcagwidp/simplereenroll -l intcagwidp

See below for a description of each option.

Run this command before the current certificate expires.

-c <tls_ca_path>

Validate the TLS server certificate of CA Gateway with <tls_ca_path>, where <tls_ca_path> is the path of a CA file in PEM format.

Mandatory: No. When this option is omitted, the command uses the CA configured in CSP CA Gateway.

-i <cert_id>

Authenticate in CA Gateway with the <cert_id> certificate, where <cert_id> is the identifier of the certificate described in CA Gateway for Validation Authority.

Mandatory: No. This optional parameter defaults to the latest client certificate imported with the evactl import-p12 command.

Run the evactl list-certs command to list the available certificates and the latest one imported.

-l <ca_label>

Use the <ca_label> CA, where <ca_label> is the label of a CA in the End Entity Enrollment server of CA Gateway.

Mandatory: Yes.

-u <url>

Select the End Entity Enrollment server of CA Gateway exposed at the <url> URL.

Mandatory: Yes.
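
The advice to run this command before the current certificate expires can be scheduled. The script below is an added example, not part of the evactl documentation: it assumes a PEM copy of the current client certificate at a path you supply, an installed openssl, and a hypothetical EVACTL variable that overrides the binary name.

```shell
#!/bin/sh
# Added example, not part of the evactl documentation.
# Assumptions: a PEM copy of the current client certificate exists at the path
# given as $1; openssl is installed; EVACTL is a hypothetical override for the
# evactl binary name (useful for dry runs, e.g. EVACTL=echo).

# reenroll_due <cert.pem> <days>
# Returns 0 if the certificate expires within <days> days (or already has),
# 1 if it stays valid longer, 2 if the file cannot be parsed as a certificate.
reenroll_due() {
    openssl x509 -noout -in "$1" >/dev/null 2>&1 || return 2
    if openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null 2>&1; then
        return 1    # -checkend exits 0 when the certificate will NOT expire
    fi
    return 0
}

# maybe_reenroll <cert.pem> <days> <url> <ca_label> [tls_ca_path]
# Runs evactl reenroll only when renewal is due. An unreadable certificate is
# reported as an error instead of being treated as "not due yet".
maybe_reenroll() {
    rc=0
    reenroll_due "$1" "$2" || rc=$?
    case "$rc" in
        1) echo "certificate valid for more than $2 days; nothing to do" >&2
           return 0 ;;
        2) echo "cannot read certificate: $1" >&2
           return 2 ;;
    esac
    if [ -n "${5:-}" ]; then
        # -c: validate the CA Gateway TLS certificate against this PEM CA file
        "${EVACTL:-evactl}" reenroll -u "$3" -l "$4" -c "$5"
    else
        # without -c, the command uses the CA configured in CSP CA Gateway
        "${EVACTL:-evactl}" reenroll -u "$3" -l "$4"
    fi
}

# Run only when called with arguments, e.g. daily from root's crontab.
if [ "$#" -ge 4 ]; then
    maybe_reenroll "$@"
fi
```

After a successful re-enrollment, refresh the PEM copy so the next run checks the new certificate.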