In the CertReqMsg structure: |
|
PKI Services supports a single CertReqMsg in
the CertReqMessages field, and rejects a cr message
with more than one CertReqMsg. |
|
certReq |
|
|
popo |
|
In the ProofOfPossession structure: |
|
|
|
signature |
signature is the only supported
choice. It should only be present if the CMP client has supplied publicKey in
the CertTemplate structure. The POPOSigningKey structure
must not contain a poposkInput field. |
In the CertRequest structure: |
|
|
|
certReqId |
|
|
certTemplate |
|
In the CertTemplate structure: |
|
|
|
version |
|
|
serialNumber |
|
|
signingAlg |
|
|
issuer |
If supplied, this field is used in conjunction
with the _PKISERV_CMP_DOMAIN_ISSUERn environment
variables to determine to which PKI Services CA domain to route the
request. For information about the _PKISERV_CMP_DOMAIN_ISSUERn environment
variables, see Table 1.
For information about how PKI Services determines the CA domain, see Determining the CA domain to which a request is routed. |
|
validity |
If supplied, the _PKISERV_CMP_HONOR_CLIENT_DATES
environment variable must set to 1; otherwise the cr message
is rejected. For information about the _PKISERV_CMP_HONOR_CLIENT_DATES
environment variable, see Table 2.
|
|
subject |
If omitted, the cr message
is rejected. |
|
publicKey |
Optional; if omitted PKI Services generates
the public and private keys for the certificate request using environment
variables to determine the key type and size. |
|
extensions |
If the _PKI_CMP_HONOR_CLIENT_EXTS environment
variable is not set to 1 and extensions is
specified, the message is rejected. If the environment variable is
set to 1, extensions is honored if present,
but is not required. |