You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Currently the POC for CMPv2 client is working based on the inputs below.

Input Table for CMPV2 client:

Input Values

Description

Usage

csrMetacsrMeta object from aaf, would contain values needed for certificate request. any needed values that should be stored in the csrMeta will be mentioned below.stores all pertinent values for certificate request - these will be detailed below, and should be set before being passed to the cmpv2 client.
csrMeta:IssuerDndistinguished name of the CA we're receiving certificate from. Cannot be nullused in the creation of the cert on EJBCA server
csrMeta: SubjectDnDistinguished name of the Entity the certificate is being issued to/ Certificate Requesting Entity. Cannot be null.used in the creation of the cert on EJBCA server
csrMeta: KeyPairKeyPair associated with the entity the certificate is being issued to. Cannot be nullused to create proof of possession for request to EJBCA server
csrMeta: Passwordsecret password value shared by EJBCA server. Cannot be nullused to authenticate ourselves to the EJBCA serve

csrMeta: CA Details

Certification Authority Details ( Http address, Port number and Path (which includes alias if used)). Cannot be nullused to Post Http request to External CA.

.cer file

.cer (CSR) generated by Cert-man using Key-pair. Cannot be null.

used to validate response (.crt)/ certificate send from EJBCA server

beforeDatedate object representing the date a certificate is not valid beforeused to add a valid date period for the cert.
afterDatedate object representing the date a certificate is not valid afterused to add a valid date period for the cert.
caNamethe name and general description of the external CAused for debugging purposes
caModestring noting whether the server we are contacting will be operating in either client or RA modeused for debugging purposes

Relevant values in Certificate Request message to EJBCA:

Value

Description

Information Included

PKIHeaderContains information common to many PKI messages.
  • SenderDN
  • IssuerDN
  • ProtectionAlgorithm(used for PkiProtection below)
PKIBodycontains message-specific information ie. certificate request message
  • CertificateRequestMessage, which includes:
    • SubjectDN
    • IssuerDN
    • SubjectPublicKey
PKIProtectioncontains bits that protect PKImessage (Specifically the iak/rv)
  • No labels