
CMP Service

The CMP Service provides PKI certificate life-cycle management capabilities. It acts as a server that handles incoming CMP messages, including certification requests and revocation requests. The CMP Service can be configured to provide either TCP-based or HTTP-based transport for the Certificate Management Protocol (CMP).

The CMP implementation of SSH Tectia Certifier is based on Internet-Draft documents draft-ietf-pkix-rfc2510bis and draft-ietf-pkix-rfc2511bis, also known as CMPv2. The CMP messages currently supported in the CMP Service are:

  • Initial request
  • Cross-certification request
  • PKCS#10 request
  • Revocation request
  • Certification requests signed by an initialized end entity

In CMP, an end entity needs to send an initial request when the first certificate is enrolled from a given CA. Subsequent certification requests can be signed with the valid private key to facilitate automatic key renewal. Revocation requests can be used to inform the CA about the need to revoke a certificate.
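The following is an added example, not part of the Certifier documentation or product: a monitoring helper that reads the PKIBody tag of an encoded PKIMessage (without any transport framing) and maps it to the request types listed above. The tag numbers are taken from RFC 4210, the published form of draft-ietf-pkix-rfc2510bis; mapping the last list item to `cr` and the names `read_tlv`, `classify` and `SUPPORTED` are assumptions.

```python
# Added example: classify a CMP PKIMessage by its PKIBody tag.
# Tag numbers follow RFC 4210 (assumed to match the rfc2510bis draft).
# Mapping "signed by an initialized end entity" to cr is an assumption.
SUPPORTED = {0: "ir (initial request)",
             2: "cr (certification request)",
             4: "p10cr (PKCS#10 request)",
             11: "rr (revocation request)",
             13: "ccr (cross-certification request)"}

# Constructed samples: an empty header and an empty body stand in for real contents.
SAMPLE_IR = bytes.fromhex("30043000a000")
SAMPLE_KUR = bytes.fromhex("30043000a700")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not expected in CMP")
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, pos, pos + length

def classify(der):
    """Return (body_tag_number, label); label is None if not in SUPPORTED."""
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("PKIMessage must be a SEQUENCE")
    msg = der[start:end]
    tag, _, hdr_end = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("PKIHeader must be a SEQUENCE")
    tag, _, _ = read_tlv(msg, hdr_end)
    if tag & 0xE0 != 0xA0:
        raise ValueError("PKIBody must be a constructed context tag")
    number = tag & 0x1F
    return number, SUPPORTED.get(number)
```

A `None` label means the body type falls outside the five request types as mapped here, which is something to log and review rather than a verdict on the message.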

The default port in the CMP Service for CMP on TCP is 829. For HTTP transport the URL is http://host:8080/pkix/. These parameters can be modified by editing the CMP Service via the Certifier Administration Service. See Section Editing the CMP Service.

Communication between the RAs and CAs of SSH Tectia Certifier uses CMP. SSH Token Master, whether used as an RA or as an end entity, also uses CMP for requesting certificates from the CA or RA.

SSH Tectia Certifier ships with a simple command-line utility that implements the client side of the CMP Service's server-side functionality. It can be used to generate private keys and to perform enrollment, key update and revocation requests. For more information, see Section ssh-cmpclient.
