Currently the POC for CMPv2 client is working based on the inputs below.
Input table for the CMPv2 client:
Input Values | Description | Usage |
---|---|---|
IssuerDN | Distinguished name of the CA we're receiving the certificate from | Used to distinguish which CA to use on the EJBCA server |
SenderDN | Distinguished name of the CA sending the PKI message | Used in the creation of the cert on the EJBCA server |
SubjectDN / Sender DN | Distinguished name of the entity the certificate is being issued to | Used in the creation of the cert on the EJBCA server |
KeyPair | KeyPair associated with the entity the certificate is being issued to | Used to create proof of possession for the request to the EJBCA server |
IAK/RV | Secret username/password value shared by the EJBCA server | Used to authenticate ourselves to the EJBCA server |
.cer file | .cer (CSR) generated by Cert-man using the key pair | Used to validate the response (.crt) / certificate sent from the EJBCA server |
CA Details | Certification Authority details (name, HTTP address, alias to use, port number) | Used to POST the HTTP request to the external CA |
Relevant values in Certificate Request message to EJBCA:
Value | Description | Information Included |
---|---|---|
PKIHeader | Contains information common to many PKI messages. | |
PKIBody | Contains message-specific information, i.e. the certificate request message | |
PKIProtection | Contains bits that protect the PKIMessage (specifically the IAK/RV) | |
...
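
How the IAK ends up as the PKIProtection bits, as an added example that is not part of the original page or the POC's code: it assumes the RFC 4210 PasswordBasedMac scheme with SHA-256 and HMAC-SHA256, which the page does not specify. The function names, the iteration cap and all sample values are constructed for illustration.

```python
import hashlib
import hmac

# Local policy cap (an assumption, not from the page): the iteration count in a
# response is chosen by the peer, so refuse values that would stall the client.
MAX_ITERATIONS = 100_000


def pbm_derive_key(iak: bytes, salt: bytes, iterations: int, owf: str = "sha256") -> bytes:
    """RFC 4210 PasswordBasedMac key: OWF applied `iterations` times to iak || salt."""
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count outside accepted range")
    key = iak + salt
    for _ in range(iterations):
        key = hashlib.new(owf, key).digest()
    return key


def pbm_protect(protected_part: bytes, iak: bytes, salt: bytes,
                iterations: int, owf: str = "sha256") -> bytes:
    """PKIProtection bits: HMAC over the DER-encoded (PKIHeader, PKIBody)."""
    key = pbm_derive_key(iak, salt, iterations, owf)
    return hmac.new(key, protected_part, owf).digest()


def pbm_verify(protected_part: bytes, protection: bytes, iak: bytes, salt: bytes,
               iterations: int, owf: str = "sha256") -> bool:
    """Recompute the MAC and compare in constant time."""
    expected = pbm_protect(protected_part, iak, salt, iterations, owf)
    return hmac.compare_digest(expected, protection)


# Constructed sample values. A real client uses a random salt per message and the
# DER encoding of SEQUENCE { PKIHeader, PKIBody } as the protected part.
SAMPLE_IAK = b"example-shared-secret"
SAMPLE_SALT = bytes(range(16))
SAMPLE_ITERATIONS = 1000
SAMPLE_PROTECTED_PART = b"<DER of PKIHeader + PKIBody placeholder>"

if __name__ == "__main__":
    mac = pbm_protect(SAMPLE_PROTECTED_PART, SAMPLE_IAK, SAMPLE_SALT, SAMPLE_ITERATIONS)
    print("protection:", mac.hex())
    print("valid:", pbm_verify(SAMPLE_PROTECTED_PART, mac, SAMPLE_IAK, SAMPLE_SALT, SAMPLE_ITERATIONS))
    print("tampered body:", pbm_verify(SAMPLE_PROTECTED_PART + b"x", mac, SAMPLE_IAK, SAMPLE_SALT, SAMPLE_ITERATIONS))
    print("wrong IAK:", pbm_verify(SAMPLE_PROTECTED_PART, mac, b"guess", SAMPLE_SALT, SAMPLE_ITERATIONS))
```

The same verification applies to the response from the CA: the client recomputes the MAC with its copy of the IAK before trusting the returned certificate.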