Re-enrollment of application certificate using EST

The certificate re-enrollment process is initiated, if the number of days is less than, or equal to the configured re-enrollment-prior-expiry. To establish mutual TLS authentication session, the switch sends the application certificate to the EST server, which must be renewed.

After a successful enrollment of application certificate, a 24 hours timer is set to check the number of days before the certificate expiry.


If the certificate has already expired, certificate is enrolled using the workflow mentioned in EST enrollment for application certificates using CLI.