[Pki-devel] [PATCH] Bug-1447080-CC-CMC-allow-enrollment-key-signed-self-.patch

Christina Fu cfu at redhat.com
Tue May 16 01:29:19 UTC 2017


(Pagure ticket is yet to be cloned)

Bug 1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC 
with identity proof

This patch implements handling of the self-signed CMC requests, where 
the request is signed by the public key of the underlying request 
(PKCS#10 or CRMF). The scenario for when this method is used is when 
no existing signing cert for the user has been issued before, 
and once it is issued, it can be used to sign subsequent cert requests 
by the same user.

The new enrollment profile introduced is: caFullCMCSelfSignedCert.cfg

The new option introduced to both CRMFPopClient and PKCS10Client is "-y" 
which will add the required SubjectKeyIdentifier to the underlying request.

When a CMC request is self-signed, no auditSubjectID is available until 
Identification Proof (v2) is verified; however, the cert subject DN is 
recorded in the log as soon as it is available, for additional information.

Thanks!

Christina

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Bug-1447080-CC-CMC-allow-enrollment-key-signed-self-.patch
Type: text/x-patch
Size: 151290 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20170515/3d2f1d35/attachment.bin>
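
An added example, not part of the original message or the patch: a check that the SubjectKeyIdentifier carried in the underlying request and the key identifier naming the CMC signer both match the request's own public key. It assumes the identifier is the SHA-1 key hash of RFC 5280 section 4.2.1.2 method 1; the function names and the sample key are constructed for illustration, and signature and identity-proof verification are out of scope.

```python
import hashlib
import hmac

# Constructed sample: Ed25519 SubjectPublicKeyInfo wrapping 32 made-up key bytes.
SAMPLE_KEY = bytes(range(32))
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + SAMPLE_KEY

def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[off:off + length], off + length

def ski_from_spki(spki):
    """SHA-1 of the subjectPublicKey bits (tag, length, unused-bits octet excluded)."""
    tag, body, end = read_tlv(spki, 0)
    if tag != 0x30 or end != len(spki):
        raise ValueError("expected exactly one SubjectPublicKeyInfo SEQUENCE")
    tag, _algorithm, off = read_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    tag, bits, off = read_tlv(body, off)
    if tag != 0x03 or off != len(body) or not bits or bits[0] != 0:
        raise ValueError("expected a BIT STRING with no unused bits")
    return hashlib.sha1(bits[1:]).digest()

def self_signed_binding_ok(spki, request_ski, signer_ski):
    """True only if request key, request SKI extension and CMC signer SKI agree."""
    expected = ski_from_spki(spki)
    return (hmac.compare_digest(expected, request_ski)
            and hmac.compare_digest(request_ski, signer_ski))

if __name__ == "__main__":
    ski = ski_from_spki(SAMPLE_SPKI)
    print("SKI:", ski.hex())
    print("matching signer:", self_signed_binding_ok(SAMPLE_SPKI, ski, ski))
    print("other signer:", self_signed_binding_ok(SAMPLE_SPKI, ski, bytes(20)))
```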

