diff options
| author | Christina Fu <cfu@redhat.com> | 2017-05-15 18:15:36 -0700 |
|---|---|---|
| committer | Christina Fu <cfu@redhat.com> | 2017-05-17 11:45:14 -0700 |
| commit | 3c43b1119ca978c296a38a9fe404e1c0cdcdab63 (patch) | |
| tree | e232c34a1f4fdba15737e6d55c24ecfdaccfce13 /base/server/python | |
| parent | 75f588c291c1ab27e1e2b4edaa4c254a8bbc21a2 (diff) | |
| download | pki-3c43b1119ca978c296a38a9fe404e1c0cdcdab63.tar.gz pki-3c43b1119ca978c296a38a9fe404e1c0cdcdab63.tar.xz pki-3c43b1119ca978c296a38a9fe404e1c0cdcdab63.zip | |
Tocket2673- CMC: allow enrollment key signed (self-signed) CMC with identity proof
This patch implements the self-signed CMC requests, where the request is signed by the public key of the underlying request (PKCS#10 or CRMF). The scenario for when this method is used is when there was no existing signing cert for the user has been issued before, and once it is issued, it can be used to sign subsequent cert requests by the same user. The new enrollment profile introduced is : caFullCMCSelfSignedCert.cfg The new option introduced to both CRMFPopClient and PKCS10Client is "-y" which will add the required SubjectKeyIdentifier to the underlying request. When a CMC request is self-signed, no auditSubjectID is available until Identification Proof (v2) is verified, however, the cert subject DN is recorded in log as soon as it was available for additional information. Auditing is adjusted. More will come in the next couple CMC patches.
Diffstat (limited to 'base/server/python')
0 files changed, 0 insertions, 0 deletions