PKI Services supports the following request message types from the client:

- Certificate request message (type cr)
- Revocation request message (type rr)
- PKCS #10 certificate request message (type p10cr)

and responds with one of the following response messages:

- Certificate response message (type cp)
- Revocation response message (type rp)
- Error message (type error)

Each message supported by PKI Services contains the following parts:

- The header, containing information common to many messages
- The body, containing information specific to the message
- Optionally, certificates that might be useful to the recipient

Table 1 identifies the fields
in the PKIMessage structure defined in RFC 4210 that
PKI Services supports.

Table 1. Supported fields in the PKIMessage structure

| Field name | Notes |
|---|---|
| header | See Table 2. |
| body | See Table 3. |
| extraCerts | This field can be used by the client on a certificate request message (cr) when PKI Services is generating the public and private key for the requested certificate. This field can contain a list of X.509 certificates to be used as recipients of the private key to be returned by PKI Services. If this field is present, the _PKISERV_CMP_HONOR_CLIENT_CERTS environment variable determines whether extra certificates are allowed, and how many are allowed. If allowed, and if PKI Services generates the public and private key pair for the request, each certificate has a recipientInfo structure added to the returned encrypted private key (PKCS #7 EnvelopedData structure). For information about the _PKISERV_CMP_HONOR_CLIENT_CERTS environment variable, see Table 3. |

Table 2 identifies the fields
in the PKIHeader structure defined in RFC 4210 that
PKI Services supports.
Table 3 identifies the values
in the PKIBody structure defined in RFC 4210 that
PKI Services supports. These are the CMP message types.

Table 3. Supported values in the PKIBody structure. These are the CMP message types that PKI Services supports.

| Value | Description | Notes |
|---|---|---|
| cr | Certificate request | See Table 1. |
| cp | Certificate response | See Table 1. |
| p10cr | PKCS #10 certificate request | See Table 1. |
| rr | Revocation request | See Table 1. |
| rp | Revocation response | See Table 1. |
| error | Error message | See Table 1. |
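
The message types above can be recognized on the wire from the PKIBody tag alone, which is useful for a filter or log triage step in front of a CMP endpoint. The following is an added example, not IBM code: it walks the outer DER structure of a PKIMessage and classifies the body, assuming the PKIBody CHOICE tag numbers from RFC 4210 (cr [2], cp [3], p10cr [4], rr [11], rp [12], error [23]); the function names and sample bytes are constructed for illustration.

```python
# Added example, not IBM code. PKIBody CHOICE tag numbers are from RFC 4210;
# the supported sets are the message types listed on this page.
REQUESTS = {2: "cr", 4: "p10cr", 11: "rr"}      # accepted from the client
RESPONSES = {3: "cp", 12: "rp", 23: "error"}    # returned by PKI Services

# Constructed samples: empty header SEQUENCE, then a body tag wrapping an empty SEQUENCE.
SAMPLE_CR = bytes.fromhex("30063000a2023000")     # body tag [2]
SAMPLE_IR = bytes.fromhex("30063000a0023000")     # body tag [0], ir
SAMPLE_ERROR = bytes.fromhex("30063000b7023000")  # body tag [23]


def read_tlv(buf, pos):
    """Return (tag_byte, value_start, value_end) for the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is not used at this level")
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, pos, pos + length


def classify(der):
    """Return (direction, name) for a DER PKIMessage; raise ValueError if malformed."""
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("PKIMessage must be a SEQUENCE")
    msg = der[:end]                        # ignore anything after the outer SEQUENCE
    tag, _, header_end = read_tlv(msg, start)
    if tag != 0x30:
        raise ValueError("PKIHeader must be a SEQUENCE")
    tag, _, _ = read_tlv(msg, header_end)  # PKIBody: explicitly tagged CHOICE
    if tag & 0xE0 != 0xA0:
        raise ValueError("PKIBody must be a constructed context-specific tag")
    n = tag & 0x1F
    if n in REQUESTS:
        return "request", REQUESTS[n]
    if n in RESPONSES:
        return "response", RESPONSES[n]
    return "unsupported", f"[{n}]"
```

A message classified as `unsupported`, such as an initialization request (ir), is a CMP type defined in RFC 4210 that is not among the types this page lists for PKI Services.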