Support for the CMP certificate response message (type cp)
Table 1 identifies the fields that PKI Services supports in the data structure defined in RFC 4210 for the CMP certificate response message (type cp). The cp message is returned to the CMP client for a successful cr or p10cr request.
| Field name | Notes | |
|---|---|---|
| In the CertRepMessage structure: | privateKey is only returned in response to a cr message that does not specify publicKey. | |
| caPubs | PKI Services does not use this element. | |
| response | ||
| In the CertResponse structure: | PKI Services returns only one CertResponse for a certificate request. | |
| certReqId | ||
| status | ||
| certifiedKeyPair | ||
| rspInfo | PKI Services does not use this element. | |
| In the CertifiedKeyPair structure: | ||
| certOrEncCert | ||
| privateKey | PKI Services sets the object ID for intendedAlg to
the PKCS #7 OID, which is 1.2.840.113549.1.7. encValue is a bit string encapsulation of a PKCS #7 EnvelopedData structure whose encrypted content is the DER-encoded private key for the issued certificate. |