
Currently, the POC for the CMPv2 client works with the inputs below.

Input Table for CMPv2 client:

| Input Values | Input Type | Description | Usage |
|---|---|---|---|
| csrMeta | object | csrMeta object from AAF; contains the values needed for the certificate request. Any values that should be stored in the csrMeta are mentioned below. | Stores all pertinent values for the certificate request. These are detailed below and should be set before being passed to the CMPv2 client. |
| csrMeta: IssuerDn | | Distinguished name of the CA we're receiving the certificate from. Cannot be null. | Used in the creation of the cert on the EJBCA server. |
| csrMeta: SubjectDn | | Distinguished name of the entity the certificate is being issued to (the certificate-requesting entity). Cannot be null. | Used in the creation of the cert on the EJBCA server. |
| csrMeta: KeyPair | | KeyPair associated with the entity the certificate is being issued to. Cannot be null. | Used to create proof of possession for the request to the EJBCA server. |
| csrMeta: Password | | Secret password value shared by the EJBCA server. Cannot be null. | Used to authenticate ourselves to the EJBCA server. |
| csrMeta: CA Details | | Certification Authority details (HTTP address, port number and path, which includes the alias if used). Cannot be null. | Used to POST the HTTP request to the external CA. |
| .cer file | java.security.cert.Certificate | .cer (CSR) generated by Cert-man using the key pair. Cannot be null. | Used to validate the response (.crt) / certificate sent from the EJBCA server. |
| beforeDate | | Date object representing the date a certificate is not valid before. | Used to add a valid date period for the cert. |
| afterDate | | Date object representing the date a certificate is not valid after. | Used to add a valid date period for the cert. |
| caName | | The name and general description of the external CA. | Used for debugging purposes. |
| caMode | | String noting whether the server we are contacting will be operating in either client or RA mode. | Used for debugging purposes. |

Relevant values in Certificate Request message to EJBCA:

| Value | Description | Information Included |
|---|---|---|
| PKIHeader | Contains information common to many PKI messages. | SenderDN; IssuerDN; ProtectionAlgorithm (used for PKIProtection below) |
| PKIBody | Contains message-specific information, i.e. the certificate request message. | CertificateRequestMessage, which includes: SubjectDN, IssuerDN, SubjectPublicKey |
| PKIProtection | Contains bits that protect the PKIMessage (specifically the iak/rv). | |
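
The following is an added example, not code from the POC: it shows how the shared password could produce and check the PKIProtection value, assuming the ProtectionAlgorithm in the PKIHeader is the PasswordBasedMac of RFC 4210. SHA-256 as the one-way function, HMAC-SHA256 as the MAC, the iteration cap and all function names are assumptions, and the protected bytes are a constructed placeholder for the DER-encoded header and body.

```python
import hashlib
import hmac

MAX_ITERATIONS = 100_000  # assumed local policy: cap the peer-chosen work factor


def pbm_base_key(secret: bytes, salt: bytes, iterations: int) -> bytes:
    """PasswordBasedMac key: hash applied `iterations` times, starting from secret || salt."""
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count outside accepted range")
    key = hashlib.sha256(secret + salt).digest()
    for _ in range(iterations - 1):
        key = hashlib.sha256(key).digest()
    return key


def protect(protected_part: bytes, secret: bytes, salt: bytes, iterations: int) -> bytes:
    """HMAC-SHA256 over the DER encoding of SEQUENCE { PKIHeader, PKIBody }."""
    key = pbm_base_key(secret, salt, iterations)
    return hmac.new(key, protected_part, hashlib.sha256).digest()


def verify(protected_part: bytes, protection: bytes, secret: bytes,
           salt: bytes, iterations: int) -> bool:
    """Check a received PKIProtection value before trusting the message body."""
    try:
        expected = protect(protected_part, secret, salt, iterations)
    except ValueError:
        return False  # reject out-of-range parameters instead of computing
    return hmac.compare_digest(expected, protection)  # constant-time comparison


# Constructed sample values; a real client DER-encodes the actual header and body.
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_SALT = bytes(range(16))
SAMPLE_PART = b"<placeholder for DER of PKIHeader + PKIBody>"

if __name__ == "__main__":
    mac = protect(SAMPLE_PART, SAMPLE_SECRET, SAMPLE_SALT, 1000)
    print("protection:", mac.hex())
    print("valid:", verify(SAMPLE_PART, mac, SAMPLE_SECRET, SAMPLE_SALT, 1000))
    print("tampered:", verify(SAMPLE_PART + b"x", mac, SAMPLE_SECRET, SAMPLE_SALT, 1000))
```

The same check applies to the response: the certificate returned by the CA should only be accepted after the protection on the response message verifies under the shared secret.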