Currently the POC for the CMPv2 client is working based on the inputs below.
CMPv2 adapter properties:
This section holds all properties which are planned to be supported by the CMPv2 adapter. Some parameters are planned to be processed (validated and mapped onto the client inputs below) before being passed to the CMPv2 client.
Parameter name | Required | Default | Syntax | Description |
---|---|---|---|---|
IP | Yes | | IPv4 address | Address of the external CA |
Port | Yes | 8080 | Port number (1-65535) | TCP port of the external CA's CMP endpoint |
Path | Yes | /pkix | | URL path of the CMP endpoint (includes the alias, if one is used) |
Issuer DN | Yes | | String (3-256) | Distinguished name of the CA that will issue the certificate |
Authentication data | Yes | | | Shared secret (IAK/RV) used to authenticate the request to the CA |
CA Name | No | | String (1-128) | Descriptive name of the external CA (used for debugging) |
CA Mode | No | | String from predefined set: CLIENT_MODE, RA_MODE | Whether the CA endpoint being contacted operates in client mode or RA mode |
Input table for CMPv2 client:
Input Values | Input Type | Description | Usage |
---|---|---|---|
csrMeta | object | csrMeta object from AAF; contains the values needed for the certificate request. The values that must be stored in csrMeta are listed below. | Stores all pertinent values for the certificate request. These are detailed below and must be set before csrMeta is passed to the CMPv2 client. |
csrMeta: IssuerDn | org.bouncycastle.asn1.x500.X500Name | Distinguished name of the CA we are requesting the certificate from. Cannot be null. | Used in the creation of the certificate on the EJBCA server. |
csrMeta: SubjectDn | org.bouncycastle.asn1.x500.X500Name | Distinguished name of the entity the certificate is being issued to (the requesting entity). Cannot be null. | Used in the creation of the certificate on the EJBCA server. |
csrMeta: KeyPair | java.security.KeyPair | Key pair associated with the entity the certificate is being issued to. Cannot be null. | Used to create the proof of possession for the request to the EJBCA server. |
csrMeta: Password | object holding the IAK/RV (exact type still open) | Secret password value shared with the EJBCA server. Cannot be null. | Used to authenticate ourselves to the EJBCA server (keys the PKIProtection MAC). |
csrMeta: CA Details | object | Certification Authority details (HTTP address, port number and path, which includes the alias if one is used). Cannot be null. | Used to POST the HTTP request to the external CA. |
.cer file | java.security.cert.Certificate | .cer (labelled "CSR" in the POC) generated by Cert-man from the key pair. Cannot be null. | Used to validate the response (.crt), i.e. the certificate sent back by the EJBCA server. |
caName | string | General, descriptive name of the external CA. | Used for debugging purposes. |
caMode | enum | Indicates whether the server we are contacting operates in client mode or RA mode. | Used for debugging purposes. |
Relevant values in the Certificate Request message to EJBCA:
Value | Description | Information Included |
---|---|---|
PKIHeader | Contains information common to many PKI messages. | pvno, sender and recipient, plus (RFC 4210 section 5.1.1) the optional messageTime, protectionAlg, senderKID, recipKID, transactionID, senderNonce and recipNonce used to match a response to its request. |
PKIBody | Contains message-specific information, i.e. the certificate request message. | For a certificate request, an ir or cr body carrying CertReqMessages; each CertReqMsg holds a certReqId, a certTemplate (subject, issuer, public key) and the proof of possession made with the key pair. |
PKIProtection | Contains the bits that protect the PKIMessage, specifically a MAC keyed from the IAK/RV. | A MAC over the DER encoding of PKIHeader and PKIBody; with PasswordBasedMac (RFC 4210 section 5.1.3.1) the key is derived from the shared secret using the salt, iteration count and one-way function carried in protectionAlg. |
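The following is an added example, not code from the ONAP CMPv2 client or adapter, showing how the inputs in the table above (IssuerDn, SubjectDn, KeyPair, the IAK/RV password, and the CA details) map onto the three parts of the request message: it builds an ir PKIMessage with BouncyCastle (bcpkix), protects it with PasswordBasedMac, encodes it for an HTTP POST with content type application/pkixcmp, and shows how the MAC on a received PKIMessage is checked with the same shared secret. The DNs, the IAK value, the senderKID and the CA address are constructed placeholders; the PBM parameters are BouncyCastle's PKMACBuilder defaults, and which of ir or cr the EJBCA alias expects is a deployment assumption.

```java
import java.math.BigInteger;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Date;

import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cert.cmp.GeneralPKIMessage;
import org.bouncycastle.cert.cmp.ProtectedPKIMessage;
import org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder;
import org.bouncycastle.cert.crmf.CertificateRequestMessage;
import org.bouncycastle.cert.crmf.PKMACBuilder;
import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessageBuilder;
import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.encoders.Hex;

public class Cmpv2InitRequestExample {

    /** Builds an ir PKIMessage (header + body) and protects it with PasswordBasedMac keyed from the IAK/RV. */
    static ProtectedPKIMessage buildInitRequest(X500Name issuerDn, X500Name subjectDn,
            KeyPair keyPair, char[] sharedSecret, byte[] senderKid) throws Exception {
        // PKIBody: one CertRequest with subject, issuer, public key and a signature-based
        // proof of possession produced with the private half of csrMeta:KeyPair.
        JcaCertificateRequestMessageBuilder certReqBuilder = new JcaCertificateRequestMessageBuilder(BigInteger.ZERO);
        certReqBuilder.setSubject(subjectDn);
        certReqBuilder.setIssuer(issuerDn);
        certReqBuilder.setPublicKey(keyPair.getPublic());
        certReqBuilder.setProofOfPossessionSigningKeySigner(
                new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
        CertificateRequestMessage certReq = certReqBuilder.build();
        PKIBody body = new PKIBody(PKIBody.TYPE_INIT_REQ, new CertReqMessages(certReq.toASN1Structure()));

        // PKIHeader: sender/recipient plus a fresh transactionID and senderNonce so the reply
        // can be matched to this request and a replayed reply rejected.
        SecureRandom rnd = new SecureRandom();
        byte[] txId = new byte[16];
        byte[] nonce = new byte[16];
        rnd.nextBytes(txId);
        rnd.nextBytes(nonce);
        ProtectedPKIMessageBuilder msg = new ProtectedPKIMessageBuilder(new GeneralName(subjectDn), new GeneralName(issuerDn))
                .setMessageTime(new Date())
                .setTransactionID(txId)
                .setSenderNonce(nonce)
                .setSenderKID(senderKid)   // names the shared secret on the CA side
                .setBody(body);

        // PKIProtection: MAC over DER(header || body); the key is derived from the shared secret.
        return msg.build(new PKMACBuilder(new JcePKMACValuesCalculator()).build(sharedSecret));
    }

    /** Decodes a DER PKIMessage and rejects it unless its PBM protection verifies under the same secret. */
    static ProtectedPKIMessage decodeAndVerify(byte[] der, char[] sharedSecret) throws Exception {
        ProtectedPKIMessage reply = new ProtectedPKIMessage(new GeneralPKIMessage(der));
        if (!reply.hasPasswordBasedMacProtection()) {
            throw new SecurityException("message is not PasswordBasedMac-protected");
        }
        if (!reply.verify(new PKMACBuilder(new JcePKMACValuesCalculator()), sharedSecret)) {
            throw new SecurityException("PKIProtection MAC check failed");
        }
        return reply;
    }

    /** POSTs the encoded request to http://IP:Port/Path (the CA Details from csrMeta). */
    static byte[] post(String ip, int port, String path, byte[] der) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create("http://" + ip + ":" + port + path))
                .header("Content-Type", "application/pkixcmp")
                .POST(HttpRequest.BodyPublishers.ofByteArray(der))
                .build();
        return HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofByteArray()).body();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();
        X500Name issuerDn = new X500Name("CN=ManagementCA,O=Example");   // constructed placeholder
        X500Name subjectDn = new X500Name("CN=onap-component,O=ONAP");   // constructed placeholder
        char[] iak = "constructed-iak-not-a-real-secret".toCharArray();  // constructed IAK/RV
        byte[] kid = "onap-component".getBytes(StandardCharsets.UTF_8);  // constructed senderKID

        ProtectedPKIMessage request = buildInitRequest(issuerDn, subjectDn, keyPair, iak, kid);
        byte[] der = request.toASN1Structure().getEncoded();

        // Offline self-check: decode our own encoding and verify the MAC with the same IAK/RV.
        ProtectedPKIMessage back = decodeAndVerify(der, iak);
        System.out.println("body type " + back.getBody().getType() + " (0 = ir), transactionID "
                + Hex.toHexString(back.getHeader().getTransactionID().getOctets()));

        // Against a live CA the same bytes are posted to the configured IP/Port/Path, e.g.:
        // byte[] reply = post("192.0.2.10", 8080, "/pkix", der);   // placeholder address
        // ProtectedPKIMessage ip = decodeAndVerify(reply, iak);    // then check transactionID/nonces match
    }
}
```

Two points a practitioner should keep in mind: the IAK/RV is handled as a char[] and never turned into a String, and a reply must be MAC-verified under the same secret before its transactionID, recipNonce and the returned certificate are trusted, since a plain HTTP transport on port 8080 provides no integrity of its own.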