Re-enrollment of application certificate using EST

The certificate re-enrollment process is initiated, if the number of days is less than, or equal to the configured re-enrollment-prior-expiry. To establish mutual TLS authentication session, the switch sends the application certificate to the EST server, which must be renewed.

After a successful enrollment of application certificate, a 24 hours timer is set to check the number of days before the certificate expiry.

NOTE:

If the certificate has already expired, certificate is enrolled using the workflow mentioned in EST enrollment for application certificates using CLI.