| In the CertReqMsg structure: |
|
PKI Services supports a single CertReqMsg in
the CertReqMessages field, and rejects a cr message
with more than one CertReqMsg. |
| |
certReq |
|
| |
popo |
|
| In the ProofOfPossession structure: |
|
|
| |
signature |
signature is the only supported
choice. It should only be present if the CMP client has supplied publicKey in
the CertTemplate structure. The POPOSigningKey structure
must not contain a poposkInput field. |
| In the CertRequest structure: |
|
|
| |
certReqId |
|
| |
certTemplate |
|
| In the CertTemplate structure: |
|
|
| |
version |
|
| |
serialNumber |
|
| |
signingAlg |
|
| |
issuer |
If supplied, this field is used in conjunction
with the _PKISERV_CMP_DOMAIN_ISSUERn environment
variables to determine to which PKI Services CA domain to route the
request. For information about the _PKISERV_CMP_DOMAIN_ISSUERn environment
variables, see Table 1.
For information about how PKI Services determines the CA domain, see Determining the CA domain to which a request is routed. |
| |
validity |
If supplied, the _PKISERV_CMP_HONOR_CLIENT_DATES
environment variable must set to 1; otherwise the cr message
is rejected. For information about the _PKISERV_CMP_HONOR_CLIENT_DATES
environment variable, see Table 2.
|
| |
subject |
If omitted, the cr message
is rejected. |
| |
publicKey |
Optional; if omitted PKI Services generates
the public and private keys for the certificate request using environment
variables to determine the key type and size. |
| |
extensions |
If the _PKI_CMP_HONOR_CLIENT_EXTS environment
variable is not set to 1 and extensions is
specified, the message is rejected. If the environment variable is
set to 1, extensions is honored if present,
but is not required. |
z/OS Cryptographic Services PKI Services Guide and Reference
Copyright IBM Corporation 1990, 2014