...
| Method | Endpoint | Parameter | Returned values | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Name | Is required? | Transfer method | Description | Name | Always returned? | Transfer method | Description | ||
| GET | /certificate/{caName} | CA name | Yes | Path parameter | Name of Certificate Authority which should sign sent CSR. Must match CertService's CMPv2 servers configuration. | Certificate chain | Yes | Body (JSON) | Signed Base64 decoded  signed certificate with whole certificate chain (intermediate CA certificates). |
| Base64 encoded CSR (Certificate Signing Request) | Yes | Header | Certificate Signing Request for given component | Trusted certificates | Yes | Body (JSON) | Trusted Base64 decoded list of trusted certificates. In other words list of root CAs which should be treated as trust anchors. Must contain root CA which was used to sign certificate and may contain other root CAs. | ||
| Base64 encoded private key | Yes | Header | Private key. Needed to create proof of possession (PoP) | ||||||
...
CertService contains configuration of CMPv2 servers. To enroll certificate at least one CMPv2 server has to be configured. CMPv2 server servers configuration is read during CertService startup and to take runtime changes require CertService restartinto account CertService's refresh configuration endpoint has to be called.
Section holds all properties which are planned to be supported by CertService for CMPv2 based server.
...
CMPv2 will get two POJOs and one String: first with CSR, plain fields extracted from CSR (like Common Name, Countrysubject DN, list of SANs, etc) and private key (in general data passed via REST API call) and second with CMPv2 server details and CA name
More info TBA
| Input value | Input type | Description | Usage |
|---|---|---|---|
| CsrModel | Object | POJO which transfers sent CSR, plain fields extracted from CSR (like Common Name, Country, etc) | |
| CsrModel:: csr | org.bouncycastle.pkcs.PKCS10CertificationRequest | Certificate Signing Request received via REST API | |
| CsrModel:: subjectDN | org.bouncycastle.asn1.x500.X500Name | SubjectDN retrieved from sent CSR | |
| CsrModel:: privateKey | Either org.bouncycastle.util.io.pem.PemObject or java.security.PrivateKey | Private key received via REST API | |
| CsrModel:: publicKey | Either org.bouncycastle.util.io.pem.PemObject or java.security.PublicKey | Public key retrieved from sent CSR | |
| CsrModel:: ???? | Others (plain data extracted from sent CSR) if needed | | |
| CMPv2ServerDetails | Object | POJO which transfers CMPv2 server properties | |
| CMPv2ServerDetails:: CA name | String | CA name as configured in CMPv2 server properties | |
| CMPv2ServerDetails:: URL | URL or String | URL to CMPv2 server as configured in CMPv2 server details | |
| CMPv2ServerDetails:: IssuerDN | org.bouncycastle.asn1.x500.X500Name | Issuer DN as configured in CMPv2 server details | |
| CMPv2ServerDetails:: CA mode | ENUM | CA mode as configured in CMPv2 server details | |
| CMPv2ServerDetails:: IAK | String | IAK as configured in CMPv2 server details | |
| CMPv2ServerDetails:: RV | String | RV as configured in CMPv2 server details | |
| CA name | String | CA name received via REST API |
...