
CMP Service

The CMP Service provides the PKI certificate life-cycle management capabilities of SSH Tectia Certifier. It acts as a server for incoming CMP messages, including certification requests and revocation requests, and can be configured to offer either TCP or HTTP-based transport for the Certificate Management Protocol (CMP).

The CMP implementation of SSH Tectia Certifier is based on Internet-Draft documents draft-ietf-pkix-rfc2510bis and draft-ietf-pkix-rfc2511bis, also known as CMPv2. The CMP messages currently supported in the CMP Service are:

  • Initial request
  • Cross-certification request
  • PKCS#10 request
  • Revocation request
  • Certification requests signed by an initialized end entity

In CMP, an end entity sends an initial request when it enrolls its first certificate from a given CA. Subsequent certification requests can be signed with the still-valid private key, which allows automatic key renewal. Revocation requests inform the CA that a certificate needs to be revoked.
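The request types listed above are distinguished on the wire by the CHOICE tag of the PKIBody in a DER-encoded CMPv2 PKIMessage. The following added example (not part of SSH Tectia Certifier or this documentation) reads that tag so that a front end or log pipeline can record or allow-list which CMP request types reach the service; the tag numbers follow the PKIBody definition in CMPv2 (RFC 4210, the published form of draft-ietf-pkix-rfc2510bis), and the sample messages are constructed minimal placeholders, not real protected CMP traffic.

```python
# Added example: classify a DER-encoded CMPv2 PKIMessage by its PKIBody tag.
# PKIBody CHOICE tag number -> message type (RFC 4210), covering the request
# types supported by the CMP Service plus their paired responses.
PKI_BODY_TAGS = {
    0: "ir", 1: "ip",          # initial request / response
    2: "cr", 3: "cp",          # certification request by an initialized entity
    4: "p10cr",                # PKCS#10 request
    7: "kur", 8: "kup",        # key update request / response
    11: "rr", 12: "rp",        # revocation request / response
    13: "ccr", 14: "ccp",      # cross-certification request / response
    23: "error",
}

def read_tlv(buf: bytes, pos: int):
    """Parse one DER TLV at buf[pos]; return (tag, tag_number, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not supported")
    if length & 0x80:                      # long-form length (DER: definite only)
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, tag & 0x1F, buf[pos:pos + length], pos + length

def classify_pki_message(der: bytes) -> str:
    """Return the PKIBody type name of a DER PKIMessage, or 'unknown(<n>)'."""
    tag, _, msg, end = read_tlv(der, 0)    # PKIMessage ::= SEQUENCE {...}
    if tag != 0x30 or end != len(der):
        raise ValueError("outer PKIMessage is not a single SEQUENCE")
    tag, _, _, pos = read_tlv(msg, 0)      # header PKIHeader (skipped)
    if tag != 0x30:
        raise ValueError("PKIHeader is not a SEQUENCE")
    tag, num, _, _ = read_tlv(msg, pos)    # body PKIBody: [n] EXPLICIT ...
    if tag & 0xC0 != 0x80 or not tag & 0x20:
        raise ValueError("PKIBody is not a constructed context-specific tag")
    return PKI_BODY_TAGS.get(num, f"unknown({num})")

# Constructed sample: minimal PKIHeader (pvno 2, empty directoryName sender and
# recipient) followed by an empty body carrying the requested CHOICE tag.
_HEADER = bytes.fromhex("300b020102a4023000a4023000")

def sample_message(body_tag: int) -> bytes:
    inner = _HEADER + bytes([0xA0 | body_tag, 0x02, 0x30, 0x00])
    return bytes([0x30, len(inner)]) + inner
```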

The default port in the CMP Service for CMP on TCP is 829. For HTTP transport the URL is http://host:8080/pkix/. These parameters can be modified by editing the CMP Service via the Certifier Administration Service. See Section Editing the CMP Service.

The communication between RAs and CAs of SSH Tectia Certifier uses CMP. Also SSH Token Master, whether used as an RA or end entity, uses CMP for requesting certificates from the CA or RA.

SSH Tectia Certifier ships with a simple command-line utility that implements the client side of the functionality offered by the CMP Service. It can be used to generate private keys and to perform enrollment, key updates, and revocation requests. For more information, see Section ssh-cmpclient.

