...

  • when end entity certificate data has been changed (e.g. Subject DN and/or extensions)
  • when end entity certificate data hasn't been changed at all

Underneath, a different CMPv2 message is sent in each case: Certificate Request (CR) and Key Update Request (KUR) respectively.

Solution

Overview

...

[Gliffy diagram: cert_update_overview]

API (server) side

A new endpoint on the CertService API should be available to trigger the certificate update use case. Internally, based on the sent Certificate Signing Request (CSR), private key (PK) and current certificate (question), it should distinguish whether a KUR or CR request should be created and sent to the CMPv2 server. The message sent to the CMPv2 server should be protected by RV/PSK (as the Initialization Request is nowadays) or by the sent certificate (question).
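One way the server-side decision described above could be made, as an added example that is not CertService code: `chooseRequest`, `sanKey` and `mustSample` are hypothetical names, only the Subject DN and DNS SANs are compared (other extensions are left out), and rejecting a CSR whose signature does not verify is an added assumption. The certificate and CSR are constructed sample data generated by the program.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"sort"
	"strings"
	"time"
)

// sanKey normalises DNS SANs so that order and case do not affect the comparison.
func sanKey(names []string) string {
	s := strings.Split(strings.ToLower(strings.Join(names, ",")), ",")
	sort.Strings(s)
	return strings.Join(s, ",")
}

// chooseRequest picks KUR when the CSR keeps the certificate's subject DN and DNS SANs, else CR.
func chooseRequest(cur *x509.Certificate, csr *x509.CertificateRequest) (string, error) {
	if err := csr.CheckSignature(); err != nil {
		return "", fmt.Errorf("CSR signature invalid: %w", err)
	}
	if cur.Subject.String() != csr.Subject.String() || sanKey(cur.DNSNames) != sanKey(csr.DNSNames) {
		return "CR", nil
	}
	return "KUR", nil
}

// mustSample builds constructed data: a self-signed current certificate and a CSR under a fresh key.
func mustSample(cn string, sans ...string) (*x509.Certificate, *x509.CertificateRequest) {
	_, oldKey, _ := ed25519.GenerateKey(rand.Reader)
	_, newKey, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "node1.example.org"},
		DNSNames: []string{"node1.example.org"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	certDER, err1 := x509.CreateCertificate(rand.Reader, tpl, tpl, oldKey.Public(), oldKey)
	csrDER, err2 := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, DNSNames: sans}, newKey)
	cur, err3 := x509.ParseCertificate(certDER)
	csr, err4 := x509.ParseCertificateRequest(csrDER)
	if err1 != nil || err2 != nil || err3 != nil || err4 != nil {
		panic(fmt.Sprint(err1, err2, err3, err4))
	}
	return cur, csr
}

func main() { fmt.Println(chooseRequest(mustSample("node1.example.org", "NODE1.example.org"))) }
```
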

Client side

...

Integration

Certificate update will be tested with an open source CMPv2 server, EJBCA.