135 files changed, 1471 insertions, 1390 deletions

diff --git a/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
index 8fa4b9bb4..b00084d42 100644
--- a/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
+++ b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
@@ -33,23 +33,24 @@ import org.mozilla.jss.crypto.AlreadyInitializedException;
 import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.util.Password;
 
+import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.cert.CertDataInfo;
+import com.netscape.certsrv.cert.CertDataInfos;
+import com.netscape.certsrv.cert.CertEnrollmentRequest;
+import com.netscape.certsrv.cert.CertNotFoundException;
+import com.netscape.certsrv.cert.CertRequestInfo;
+import com.netscape.certsrv.cert.CertRequestInfos;
+import com.netscape.certsrv.cert.CertReviewResponse;
+import com.netscape.certsrv.cert.CertSearchRequest;
 import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.profile.ProfileData;
+import com.netscape.certsrv.profile.ProfileDataInfo;
+import com.netscape.certsrv.profile.ProfileDataInfos;
+import com.netscape.certsrv.profile.ProfileInput;
 import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.cert.CertNotFoundException;
-import com.netscape.cms.servlet.cert.model.CertDataInfo;
-import com.netscape.cms.servlet.cert.model.CertDataInfos;
-import com.netscape.cms.servlet.cert.model.CertSearchData;
-import com.netscape.cms.servlet.cert.model.CertificateData;
-import com.netscape.cms.servlet.profile.model.ProfileData;
-import com.netscape.cms.servlet.profile.model.ProfileDataInfo;
-import com.netscape.cms.servlet.profile.model.ProfileDataInfos;
-import com.netscape.cms.servlet.profile.model.ProfileInput;
-import com.netscape.cms.servlet.request.RequestNotFoundException;
-import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData;
-import com.netscape.cms.servlet.request.model.CertRequestInfo;
-import com.netscape.cms.servlet.request.model.CertRequestInfos;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
+import com.netscape.certsrv.request.RequestNotFoundException;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.ca.CAClient;
 
 public class CATest {
 
@@ -148,13 +149,13 @@ public class CATest {
             log("Exception in logging into token:" + e.toString());
         }
 
-        CARestClient client;
+        CAClient client;
         try {
             ClientConfig config = new ClientConfig();
             config.setServerURI(protocol + "://" + host + ":" + port + "/ca");
             config.setCertNickname(clientCertNickname);
 
-            client = new CARestClient(config);
+            client = new CAClient(config);
         } catch (Exception e) {
             e.printStackTrace();
             return;
@@ -172,7 +173,7 @@ public class CATest {
         //Get a CertInfo
         int certIdToPrint = 1;
         CertId id = new CertId(certIdToPrint);
-        CertificateData certData = null;
+        CertData certData = null;
         try {
             certData = client.getCertData(id);
         } catch (CertNotFoundException e) {
@@ -186,7 +187,7 @@ public class CATest {
         //Get a CertInfo
         int certIdBadToPrint = 9999999;
         CertId certIdBad = new CertId(certIdBadToPrint);
-        CertificateData certDataBad = null;
+        CertData certDataBad = null;
         try {
             certDataBad = client.getCertData(certIdBad);
         } catch (CertNotFoundException e) {
@@ -209,15 +210,15 @@ public class CATest {
 
         //Initiate a Certificate Enrollment
 
-        EnrollmentRequestData data = createUserCertEnrollment();
+        CertEnrollmentRequest data = createUserCertEnrollment();
         enrollAndApproveCertRequest(client, data);
 
         // submit a RA authenticated user cert request
-        EnrollmentRequestData rdata = createRAUserCertEnrollment();
+        CertEnrollmentRequest rdata = createRAUserCertEnrollment();
         enrollCertRequest(client, rdata);
 
         // now try a manually approved server cert
-        EnrollmentRequestData serverData = createServerCertEnrollment();
+        CertEnrollmentRequest serverData = createServerCertEnrollment();
         enrollAndApproveCertRequest(client,serverData);
 
         // submit using an agent approval profile
@@ -226,7 +227,7 @@ public class CATest {
 
         //Perform a sample certificate search with advanced search terms
 
-        CertSearchData searchData = new CertSearchData();
+        CertSearchRequest searchData = new CertSearchRequest();
         searchData.setSerialNumberRangeInUse(true);
         searchData.setSerialFrom("9999");
         searchData.setSerialTo("99990");
@@ -252,7 +253,7 @@ public class CATest {
 
         //Perform another sample certificate search with advanced search terms
 
-        searchData = new CertSearchData();
+        searchData = new CertSearchRequest();
         searchData.setSubjectInUse(true);
         searchData.setEmail("jmagne@redhat.com");
         searchData.setMatchExactly(true);
@@ -275,7 +276,7 @@ public class CATest {
 
     }
 
-    private static void enrollAndApproveCertRequest(CARestClient client, EnrollmentRequestData data) {
+    private static void enrollAndApproveCertRequest(CAClient client, CertEnrollmentRequest data) {
         CertRequestInfos reqInfo = null;
         try {
             reqInfo = client.enrollCertificate(data);
@@ -287,7 +288,7 @@ public class CATest {
         for (CertRequestInfo info : reqInfo.getRequests()) {
             printRequestInfo(info);
 
-            AgentEnrollmentRequestData reviewData = client.reviewRequest(info.getRequestId());
+            CertReviewResponse reviewData = client.reviewRequest(info.getRequestId());
             log(reviewData.toString());
 
             reviewData.setRequestNotes("This is an approval message");
@@ -295,7 +296,7 @@ public class CATest {
         }
     }
 
-    private static void enrollCertRequest(CARestClient client, EnrollmentRequestData data) {
+    private static void enrollCertRequest(CAClient client, CertEnrollmentRequest data) {
         CertRequestInfos reqInfo = null;
         try {
             reqInfo = client.enrollCertificate(data);
@@ -309,8 +310,8 @@ public class CATest {
         }
     }
 
-    private static EnrollmentRequestData createUserCertEnrollment() {
-        EnrollmentRequestData data = new EnrollmentRequestData();
+    private static CertEnrollmentRequest createUserCertEnrollment() {
+        CertEnrollmentRequest data = new CertEnrollmentRequest();
         data.setProfileId("caUserCert");
         data.setIsRenewal(false);
 
@@ -340,8 +341,8 @@ public class CATest {
         return data;
     }
 
-    private static EnrollmentRequestData createRAUserCertEnrollment() {
-        EnrollmentRequestData data = new EnrollmentRequestData();
+    private static CertEnrollmentRequest createRAUserCertEnrollment() {
+        CertEnrollmentRequest data = new CertEnrollmentRequest();
         data.setProfileId("caDualRAuserCert");
         data.setIsRenewal(false);
 
@@ -365,8 +366,8 @@ public class CATest {
         return data;
     }
 
-    private static EnrollmentRequestData createServerCertEnrollment() {
-        EnrollmentRequestData data = new EnrollmentRequestData();
+    private static CertEnrollmentRequest createServerCertEnrollment() {
+        CertEnrollmentRequest data = new CertEnrollmentRequest();
         data.setProfileId("caServerCert");
         data.setIsRenewal(false);
 
@@ -505,7 +506,7 @@ public class CATest {
 
     }
 
-    private static void printCertificate(CertificateData info) {
+    private static void printCertificate(CertData info) {
 
         if (info == null) {
             log("No CertificateData: ");
@@ -560,7 +561,7 @@ public class CATest {
 
     private static void usage(Options options) {
         HelpFormatter formatter = new HelpFormatter();
-        formatter.printHelp("CARestClient Test:", options);
+        formatter.printHelp("CAClient Test:", options);
         System.exit(1);
     }
 
diff --git a/base/ca/src/CMakeLists.txt b/base/ca/src/CMakeLists.txt
index cd0c352a8..09cea8ac2 100644
--- a/base/ca/src/CMakeLists.txt
+++ b/base/ca/src/CMakeLists.txt
@@ -31,34 +31,47 @@ find_file(JAXRS_API_JAR
         /usr/share/java/resteasy
 )
 
-# identify java sources
-set(pki-ca_java_SRCS
-    com/netscape/ca/CMSCRLExtensions.java
-    com/netscape/ca/CAService.java
-    com/netscape/ca/SigningUnit.java
-    com/netscape/ca/CRLWithExpiredCerts.java
-    com/netscape/ca/CRLIssuingPoint.java
-    com/netscape/ca/CAPolicy.java
-    com/netscape/ca/CertificateAuthority.java
-    com/netscape/ca/CertificateAuthorityApplication.java
+# build pki-ca
+javac(pki-ca-classes
+    SOURCES
+        com/netscape/ca/*.java
+    CLASSPATH
+        ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
+        ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
+        ${LDAPJDK_JAR} ${JAXRS_API_JAR}
+        ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR}
+    OUTPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    DEPENDS
+        symkey pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-cmscore
 )
 
+jar(pki-ca-jar
+    CREATE
+        ${CMAKE_BINARY_DIR}/dist/pki-ca-${APPLICATION_VERSION}.jar
+    INPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    FILES
+        com/netscape/ca/*.class
+    DEPENDS
+        pki-ca-classes
+)
 
-# set classpath
-set(CMAKE_JAVA_INCLUDE_PATH
-    ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
-    ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
-    ${LDAPJDK_JAR} ${JAXRS_API_JAR}
-    ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR})
-
-
-# set version
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
-
+link(pki-ca
+    SOURCE
+        ${CMAKE_BINARY_DIR}/dist/pki-ca.jar
+    DEST
+        pki-ca-${APPLICATION_VERSION}.jar
+    DEPENDS
+        pki-ca-jar
+)
 
-# build pki-ca.jar
-add_jar(pki-ca ${pki-ca_java_SRCS})
-add_dependencies(pki-ca symkey pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-cmscore)
-install_jar(pki-ca ${JAVA_JAR_INSTALL_DIR}/pki)
-set(PKI_CA_JAR ${pki-ca_JAR_FILE} CACHE INTERNAL "pki-ca jar file")
+install(
+    FILES
+        ${CMAKE_BINARY_DIR}/dist/pki-ca.jar
+        ${CMAKE_BINARY_DIR}/dist/pki-ca-${APPLICATION_VERSION}.jar
+    DESTINATION
+        ${JAVA_JAR_INSTALL_DIR}/pki
+)
 
+set(PKI_CA_JAR ${CMAKE_BINARY_DIR}/dist/pki-ca.jar CACHE INTERNAL "pki-ca jar file")
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java b/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java
index d539bdb44..bb6431907 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java
@@ -5,16 +5,16 @@ import java.util.Set;
 
 import javax.ws.rs.core.Application;
 
-import com.netscape.cms.servlet.admin.GroupMemberResourceService;
-import com.netscape.cms.servlet.admin.GroupResourceService;
-import com.netscape.cms.servlet.admin.SystemCertificateResourceService;
-import com.netscape.cms.servlet.admin.UserCertResourceService;
-import com.netscape.cms.servlet.admin.UserResourceService;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.cert.CertResourceService;
-import com.netscape.cms.servlet.csadmin.SystemConfigurationResourceService;
-import com.netscape.cms.servlet.profile.ProfileResourceService;
-import com.netscape.cms.servlet.request.CertRequestResourceService;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.cms.servlet.admin.GroupMemberService;
+import com.netscape.cms.servlet.admin.GroupService;
+import com.netscape.cms.servlet.admin.SystemCertService;
+import com.netscape.cms.servlet.admin.UserCertService;
+import com.netscape.cms.servlet.admin.UserService;
+import com.netscape.cms.servlet.cert.CertService;
+import com.netscape.cms.servlet.csadmin.SystemConfigService;
+import com.netscape.cms.servlet.profile.ProfileService;
+import com.netscape.cms.servlet.request.CertRequestService;
 
 public class CertificateAuthorityApplication extends Application {
     private Set<Object> singletons = new HashSet<Object>();
@@ -22,26 +22,26 @@ public class CertificateAuthorityApplication extends Application {
 
     public CertificateAuthorityApplication() {
         // installer
-        classes.add(SystemConfigurationResourceService.class);
+        classes.add(SystemConfigService.class);
 
         // certs and requests
-        classes.add(CertResourceService.class);
-        classes.add(CertRequestResourceService.class);
+        classes.add(CertService.class);
+        classes.add(CertRequestService.class);
 
         // profile management
-        classes.add(ProfileResourceService.class);
+        classes.add(ProfileService.class);
 
         // user and group management
-        classes.add(GroupMemberResourceService.class);
-        classes.add(GroupResourceService.class);
-        classes.add(UserCertResourceService.class);
-        classes.add(UserResourceService.class);
+        classes.add(GroupMemberService.class);
+        classes.add(GroupService.class);
+        classes.add(UserCertService.class);
+        classes.add(UserService.class);
 
         // system certs
-        classes.add(SystemCertificateResourceService.class);
+        classes.add(SystemCertService.class);
 
         // exception mapper
-        classes.add(CMSException.Mapper.class);
+        classes.add(PKIException.Mapper.class);
     }
 
     public Set<Class<?>> getClasses() {
diff --git a/base/common/functional/src/com/netscape/cms/servlet/test/ConfigurationTest.java b/base/common/functional/src/com/netscape/cms/servlet/test/ConfigurationTest.java
index 67b67fca0..462137ec7 100644
--- a/base/common/functional/src/com/netscape/cms/servlet/test/ConfigurationTest.java
+++ b/base/common/functional/src/com/netscape/cms/servlet/test/ConfigurationTest.java
@@ -56,11 +56,11 @@ import org.mozilla.jss.pkix.primitive.Name;
 import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
 import org.mozilla.jss.util.Password;
 
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.csadmin.ConfigurationRESTClient;
-import com.netscape.cms.servlet.csadmin.model.CertData;
-import com.netscape.cms.servlet.csadmin.model.ConfigurationData;
-import com.netscape.cms.servlet.csadmin.model.ConfigurationResponseData;
+import com.netscape.certsrv.system.ConfigurationRequest;
+import com.netscape.certsrv.system.ConfigurationResponse;
+import com.netscape.certsrv.system.SystemCertData;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.system.SystemConfigClient;
 import com.netscape.cmsutil.util.Utils;
 
 /**
@@ -184,18 +184,18 @@ public class ConfigurationTest {
             System.out.println("Exception in logging into token:" + e.toString());
         }
 
-        ConfigurationRESTClient client = null;
+        SystemConfigClient client = null;
         try {
             ClientConfig config = new ClientConfig();
             config.setServerURI(protocol + "://" + host + ":" + port + "/" + cstype);
 
-            client = new ConfigurationRESTClient(config);
+            client = new SystemConfigClient(config);
         } catch (URISyntaxException e1) {
             e1.printStackTrace();
             System.exit(1);
         }
 
-        ConfigurationData data = null;
+        ConfigurationRequest data = null;
         switch (testnum) {
         case 1:
             data = constructCAData(host, port, pin, db_dir, token_pwd, token);
@@ -226,14 +226,14 @@ public class ConfigurationTest {
             System.exit(1);
         }
 
-        ConfigurationResponseData response = client.configure(data);
+        ConfigurationResponse response = client.configure(data);
 
         System.out.println("status: " + response.getStatus());
         System.out.println("adminCert: " + response.getAdminCert().getCert());
-        Collection<CertData> certs = response.getSystemCerts();
-        Iterator<CertData> iterator = certs.iterator();
+        Collection<SystemCertData> certs = response.getSystemCerts();
+        Iterator<SystemCertData> iterator = certs.iterator();
         while (iterator.hasNext()) {
-            CertData cdata = iterator.next();
+            SystemCertData cdata = iterator.next();
             System.out.println("tag: " + cdata.getTag());
             System.out.println("cert: " + cdata.getCert());
             System.out.println("request: " + cdata.getRequest());
@@ -241,16 +241,16 @@ public class ConfigurationTest {
 
     }
 
-    private static ConfigurationData constructCAData(String host, String port, String pin, String db_dir,
+    private static ConfigurationRequest constructCAData(String host, String port, String pin, String db_dir,
             String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException,
             InvalidBERException {
-        ConfigurationData data = new ConfigurationData();
+        ConfigurationRequest data = new ConfigurationRequest();
         data.setPin(pin);
-        data.setSecurityDomainType(ConfigurationData.NEW_DOMAIN);
+        data.setSecurityDomainType(ConfigurationRequest.NEW_DOMAIN);
         data.setSecurityDomainName("Testca2 security domain");
         data.setIsClone("false");
         data.setHierarchy("root");
-        data.setToken(ConfigurationData.TOKEN_DEFAULT);
+        data.setToken(ConfigurationRequest.TOKEN_DEFAULT);
         data.setSubsystemName("test ca subsystem");
 
         data.setDsHost(host);
@@ -279,8 +279,8 @@ public class ConfigurationTest {
         data.setAdminCertRequestType("crmf");
 
         // create system certs
-        Collection<CertData> systemCerts = new ArrayList<CertData>();
-        CertData cert1 = new CertData();
+        Collection<SystemCertData> systemCerts = new ArrayList<SystemCertData>();
+        SystemCertData cert1 = new SystemCertData();
         cert1.setTag("signing");
         cert1.setKeyAlgorithm("SHA256withRSA");
         cert1.setKeySize("2048");
@@ -292,7 +292,7 @@ public class ConfigurationTest {
 
         systemCerts.add(cert1);
 
-        CertData cert2 = new CertData();
+        SystemCertData cert2 = new SystemCertData();
         cert2.setTag("ocsp_signing");
         cert2.setKeyAlgorithm("SHA256withRSA");
         cert2.setKeySize("2048");
@@ -303,7 +303,7 @@ public class ConfigurationTest {
         cert2.setToken("Internal Key Storage Token");
         systemCerts.add(cert2);
 
-        CertData cert3 = new CertData();
+        SystemCertData cert3 = new SystemCertData();
         cert3.setTag("sslserver");
         cert3.setKeyAlgorithm("SHA256withRSA");
         cert3.setKeySize("2048");
@@ -313,7 +313,7 @@ public class ConfigurationTest {
         cert3.setToken("Internal Key Storage Token");
         systemCerts.add(cert3);
 
-        CertData cert4 = new CertData();
+        SystemCertData cert4 = new SystemCertData();
         cert4.setTag("subsystem");
         cert4.setKeyAlgorithm("SHA256withRSA");
         cert4.setKeySize("2048");
@@ -323,7 +323,7 @@ public class ConfigurationTest {
         cert4.setToken("Internal Key Storage Token");
         systemCerts.add(cert4);
 
-        CertData cert5 = new CertData();
+        SystemCertData cert5 = new SystemCertData();
         cert5.setTag("audit_signing");
         cert5.setKeyAlgorithm("SHA256withRSA");
         cert5.setKeySize("2048");
@@ -339,20 +339,20 @@ public class ConfigurationTest {
         return data;
     }
 
-    private static ConfigurationData constructSubCAData(String host, String port, String pin, String db_dir,
+    private static ConfigurationRequest constructSubCAData(String host, String port, String pin, String db_dir,
             String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException,
             InvalidBERException {
-        ConfigurationData data = new ConfigurationData();
+        ConfigurationRequest data = new ConfigurationRequest();
         data.setPin(pin);
 
-        data.setSecurityDomainType(ConfigurationData.EXISTING_DOMAIN);
+        data.setSecurityDomainType(ConfigurationRequest.EXISTING_DOMAIN);
         data.setSecurityDomainUri("https://" + host + ":9225");
         data.setSecurityDomainUser("admin");
         data.setSecurityDomainPassword("redhat123");
 
         data.setIsClone("false");
         data.setHierarchy("join");
-        data.setToken(ConfigurationData.TOKEN_DEFAULT);
+        data.setToken(ConfigurationRequest.TOKEN_DEFAULT);
         data.setSubsystemName("test subca subsystem");
 
         data.setDsHost(host);
@@ -383,8 +383,8 @@ public class ConfigurationTest {
         data.setIssuingCA("https://" + host + ":9224");
 
         // create system certs
-        Collection<CertData> systemCerts = new ArrayList<CertData>();
-        CertData cert1 = new CertData();
+        Collection<SystemCertData> systemCerts = new ArrayList<SystemCertData>();
+        SystemCertData cert1 = new SystemCertData();
         cert1.setTag("signing");
         cert1.setKeyAlgorithm("SHA256withRSA");
         cert1.setKeySize("2048");
@@ -396,7 +396,7 @@ public class ConfigurationTest {
 
         systemCerts.add(cert1);
 
-        CertData cert2 = new CertData();
+        SystemCertData cert2 = new SystemCertData();
         cert2.setTag("ocsp_signing");
         cert2.setKeyAlgorithm("SHA256withRSA");
         cert2.setKeySize("2048");
@@ -407,7 +407,7 @@ public class ConfigurationTest {
         cert2.setToken("Internal Key Storage Token");
         systemCerts.add(cert2);
 
-        CertData cert3 = new CertData();
+        SystemCertData cert3 = new SystemCertData();
         cert3.setTag("sslserver");
         cert3.setKeyAlgorithm("SHA256withRSA");
         cert3.setKeySize("2048");
@@ -417,7 +417,7 @@ public class ConfigurationTest {
         cert3.setToken("Internal Key Storage Token");
         systemCerts.add(cert3);
 
-        CertData cert4 = new CertData();
+        SystemCertData cert4 = new SystemCertData();
         cert4.setTag("subsystem");
         cert4.setKeyAlgorithm("SHA256withRSA");
         cert4.setKeySize("2048");
@@ -427,7 +427,7 @@ public class ConfigurationTest {
         cert4.setToken("Internal Key Storage Token");
         systemCerts.add(cert4);
 
-        CertData cert5 = new CertData();
+        SystemCertData cert5 = new SystemCertData();
         cert5.setTag("audit_signing");
         cert5.setKeyAlgorithm("SHA256withRSA");
         cert5.setKeySize("2048");
@@ -443,18 +443,18 @@ public class ConfigurationTest {
         return data;
     }
 
-    private static ConfigurationData constructExternalCADataPart1(String host, String port, String pin, String db_dir,
+    private static ConfigurationRequest constructExternalCADataPart1(String host, String port, String pin, String db_dir,
             String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException,
             InvalidBERException {
-        ConfigurationData data = new ConfigurationData();
+        ConfigurationRequest data = new ConfigurationRequest();
         data.setPin(pin);
 
-        data.setSecurityDomainType(ConfigurationData.NEW_DOMAIN);
+        data.setSecurityDomainType(ConfigurationRequest.NEW_DOMAIN);
         data.setSecurityDomainName("External CA security domain");
 
         data.setIsClone("false");
         data.setHierarchy("join");
-        data.setToken(ConfigurationData.TOKEN_DEFAULT);
+        data.setToken(ConfigurationRequest.TOKEN_DEFAULT);
         data.setSubsystemName("test external ca subsystem");
 
         data.setDsHost(host);
@@ -485,8 +485,8 @@ public class ConfigurationTest {
         data.setIssuingCA("External CA");
 
         // create system certs
-        Collection<CertData> systemCerts = new ArrayList<CertData>();
-        CertData cert1 = new CertData();
+        Collection<SystemCertData> systemCerts = new ArrayList<SystemCertData>();
+        SystemCertData cert1 = new SystemCertData();
         cert1.setTag("signing");
         cert1.setKeyAlgorithm("SHA256withRSA");
         cert1.setKeySize("2048");
@@ -498,7 +498,7 @@ public class ConfigurationTest {
 
         systemCerts.add(cert1);
 
-        CertData cert2 = new CertData();
+        SystemCertData cert2 = new SystemCertData();
         cert2.setTag("ocsp_signing");
         cert2.setKeyAlgorithm("SHA256withRSA");
         cert2.setKeySize("2048");
@@ -509,7 +509,7 @@ public class ConfigurationTest {
         cert2.setToken("Internal Key Storage Token");
         systemCerts.add(cert2);
 
-        CertData cert3 = new CertData();
+        SystemCertData cert3 = new SystemCertData();
         cert3.setTag("sslserver");
         cert3.setKeyAlgorithm("SHA256withRSA");
         cert3.setKeySize("2048");
@@ -519,7 +519,7 @@ public class ConfigurationTest {
         cert3.setToken("Internal Key Storage Token");
         systemCerts.add(cert3);
 
-        CertData cert4 = new CertData();
+        SystemCertData cert4 = new SystemCertData();
         cert4.setTag("subsystem");
         cert4.setKeyAlgorithm("SHA256withRSA");
         cert4.setKeySize("2048");
@@ -529,7 +529,7 @@ public class ConfigurationTest {
         cert4.setToken("Internal Key Storage Token");
         systemCerts.add(cert4);
 
-        CertData cert5 = new CertData();
+        SystemCertData cert5 = new SystemCertData();
         cert5.setTag("audit_signing");
         cert5.setKeyAlgorithm("SHA256withRSA");
         cert5.setKeySize("2048");
@@ -545,18 +545,18 @@ public class ConfigurationTest {
         return data;
     }
 
-    private static ConfigurationData constructExternalCADataPart2(String host, String port, String pin, String db_dir,
+    private static ConfigurationRequest constructExternalCADataPart2(String host, String port, String pin, String db_dir,
             String token_pwd, CryptoToken token, String extCertFile, String extChainFile)
             throws NoSuchAlgorithmException, TokenException, IOException, InvalidBERException {
-        ConfigurationData data = new ConfigurationData();
+        ConfigurationRequest data = new ConfigurationRequest();
         data.setPin(pin);
 
-        data.setSecurityDomainType(ConfigurationData.NEW_DOMAIN);
+        data.setSecurityDomainType(ConfigurationRequest.NEW_DOMAIN);
         data.setSecurityDomainName("External CA security domain");
 
         data.setIsClone("false");
         data.setHierarchy("join");
-        data.setToken(ConfigurationData.TOKEN_DEFAULT);
+        data.setToken(ConfigurationRequest.TOKEN_DEFAULT);
         data.setSubsystemName("test external ca subsystem");
 
         data.setDsHost(host);
@@ -588,8 +588,8 @@ public class ConfigurationTest {
         data.setStepTwo("true");
 
         // create system certs
-        Collection<CertData> systemCerts = new ArrayList<CertData>();
-        CertData cert1 = new CertData();
+        Collection<SystemCertData> systemCerts = new ArrayList<SystemCertData>();
+        SystemCertData cert1 = new SystemCertData();
         cert1.setTag("signing");
         cert1.setKeyAlgorithm("SHA256withRSA");
         cert1.setKeySize("2048");
@@ -617,7 +617,7 @@ public class ConfigurationTest {
 
         systemCerts.add(cert1);
 
-        CertData cert2 = new CertData();
+        SystemCertData cert2 = new SystemCertData();
         cert2.setTag("ocsp_signing");
         cert2.setKeyAlgorithm("SHA256withRSA");
         cert2.setKeySize("2048");
@@ -628,7 +628,7 @@ public class ConfigurationTest {
         cert2.setToken("Internal Key Storage Token");
         systemCerts.add(cert2);
 
-        CertData cert3 = new CertData();
+        SystemCertData cert3 = new SystemCertData();
         cert3.setTag("sslserver");
         cert3.setKeyAlgorithm("SHA256withRSA");
         cert3.setKeySize("2048");
@@ -638,7 +638,7 @@ public class ConfigurationTest {
         cert3.setToken("Internal Key Storage Token");
         systemCerts.add(cert3);
 
-        CertData cert4 = new CertData();
+        SystemCertData cert4 = new SystemCertData();
         cert4.setTag("subsystem");
         cert4.setKeyAlgorithm("SHA256withRSA");
         cert4.setKeySize("2048");
@@ -648,7 +648,7 @@ public class ConfigurationTest {
         cert4.setToken("Internal Key Storage Token");
         systemCerts.add(cert4);
 
-        CertData cert5 = new CertData();
+        SystemCertData cert5 = new SystemCertData();
         cert5.setTag("audit_signing");
         cert5.setKeyAlgorithm("SHA256withRSA");
         cert5.setKeySize("2048");
@@ -664,12 +664,12 @@ public class ConfigurationTest {
         return data;
     }
 
-    private static ConfigurationData constructCloneCAData(String host, String port, String pin, String db_dir,
+    private static ConfigurationRequest constructCloneCAData(String host, String port, String pin, String db_dir,
             String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException,
             InvalidBERException {
-        ConfigurationData data = new ConfigurationData();
+        ConfigurationRequest data = new ConfigurationRequest();
         data.setPin(pin);
-        data.setSecurityDomainType(ConfigurationData.EXISTING_DOMAIN);
+        data.setSecurityDomainType(ConfigurationRequest.EXISTING_DOMAIN);
         data.setSecurityDomainUri("https://" + host + ":9225");
         data.setSecurityDomainUser("admin");
         data.setSecurityDomainPassword("redhat123");
@@ -680,7 +680,7 @@ public class ConfigurationTest {
         data.setP12Password("redhat123");
 
         data.setHierarchy("root");
-        data.setToken(ConfigurationData.TOKEN_DEFAULT);
+        data.setToken(ConfigurationRequest.TOKEN_DEFAULT);
         data.setSubsystemName("test clone ca subsystem");
 
         data.setDsHost(host);
@@ -695,8 +695,8 @@ public class ConfigurationTest {
         data.setBackupKeys("false");
 
         // create system certs
-        Collection<CertData> systemCerts = new ArrayList<CertData>();
-        CertData cert3 = new CertData();
+        Collection<SystemCertData> systemCerts = new ArrayList<SystemCertData>();
+        SystemCertData cert3 = new SystemCertData();
         cert3.setTag("sslserver");
         cert3.setKeyAlgorithm("SHA256withRSA");
         cert3.setKeySize("2048");
@@ -711,19 +711,19 @@ public class ConfigurationTest {
         return data;
     }
 
-    private static ConfigurationData constructKRAData(String host, String port, String pin, String db_dir,
+    private static ConfigurationRequest constructKRAData(String host, String port, String pin, String db_dir,
             String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException,
             InvalidBERException {
-        ConfigurationData data = new ConfigurationData();
+        ConfigurationRequest data = new ConfigurationRequest();
         data.setPin(pin);
 
-        data.setSecurityDomainType(ConfigurationData.EXISTING_DOMAIN);
+        data.setSecurityDomainType(ConfigurationRequest.EXISTING_DOMAIN);
         data.setSecurityDomainUri("https://" + host + ":9225");
         data.setSecurityDomainUser("admin");
         data.setSecurityDomainPassword("redhat123");
 
         data.setIsClone("false");
-        data.setToken(ConfigurationData.TOKEN_DEFAULT);
+        data.setToken(ConfigurationRequest.TOKEN_DEFAULT);
         data.setSubsystemName("test kra subsystem");
 
         data.setDsHost(host);
@@ -754,8 +754,8 @@ public class ConfigurationTest {
         data.setIssuingCA("https://" + host + ":9224");
 
         // create system certs
-        Collection<CertData> systemCerts = new ArrayList<CertData>();
-        CertData cert1 = new CertData();
+        Collection<SystemCertData> systemCerts = new ArrayList<SystemCertData>();
+        SystemCertData cert1 = new SystemCertData();
         cert1.setTag("transport");
         cert1.setKeyAlgorithm("SHA256withRSA");
         cert1.setKeySize("2048");
@@ -767,7 +767,7 @@ public class ConfigurationTest {
 
         systemCerts.add(cert1);
 
-        CertData cert2 = new CertData();
+        SystemCertData cert2 = new SystemCertData();
         cert2.setTag("storage");
         cert2.setKeyAlgorithm("SHA256withRSA");
         cert2.setKeySize("2048");
@@ -778,7 +778,7 @@ public class ConfigurationTest {
         cert2.setToken("Internal Key Storage Token");
         systemCerts.add(cert2);
 
-        CertData cert3 = new CertData();
+        SystemCertData cert3 = new SystemCertData();
         cert3.setTag("sslserver");
         cert3.setKeyAlgorithm("SHA256withRSA");
         cert3.setKeySize("2048");
@@ -788,7 +788,7 @@ public class ConfigurationTest {
         cert3.setToken("Internal Key Storage Token");
         systemCerts.add(cert3);
 
-        CertData cert4 = new CertData();
+        SystemCertData cert4 = new SystemCertData();
         cert4.setTag("subsystem");
         cert4.setKeyAlgorithm("SHA256withRSA");
         cert4.setKeySize("2048");
@@ -798,7 +798,7 @@ public class ConfigurationTest {
         cert4.setToken("Internal Key Storage Token");
         systemCerts.add(cert4);
 
-        CertData cert5 = new CertData();
+        SystemCertData cert5 = new SystemCertData();
         cert5.setTag("audit_signing");
         cert5.setKeyAlgorithm("SHA256withRSA");
         cert5.setKeySize("2048");
@@ -814,19 +814,19 @@ public class ConfigurationTest {
         return data;
     }
 
-    private static ConfigurationData constructOCSPData(String host, String port, String pin, String db_dir,
+    private static ConfigurationRequest constructOCSPData(String host, String port, String pin, String db_dir,
             String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException,
             InvalidBERException {
-        ConfigurationData data = new ConfigurationData();
+        ConfigurationRequest data = new ConfigurationRequest();
         data.setPin(pin);
 
-        data.setSecurityDomainType(ConfigurationData.EXISTING_DOMAIN);
+        data.setSecurityDomainType(ConfigurationRequest.EXISTING_DOMAIN);
         data.setSecurityDomainUri("https://" + host + ":9225");
         data.setSecurityDomainUser("admin");
         data.setSecurityDomainPassword("redhat123");
 
         data.setIsClone("false");
-        data.setToken(ConfigurationData.TOKEN_DEFAULT);
+        data.setToken(ConfigurationRequest.TOKEN_DEFAULT);
         data.setSubsystemName("test ocsp subsystem");
 
         data.setDsHost(host);
@@ -857,8 +857,8 @@ public class ConfigurationTest {
         data.setIssuingCA("https://" + host + ":9224");
 
         // create system certs
-        Collection<CertData> systemCerts = new ArrayList<CertData>();
-        CertData cert1 = new CertData();
+        Collection<SystemCertData> systemCerts = new ArrayList<SystemCertData>();
+        SystemCertData cert1 = new SystemCertData();
         cert1.setTag("signing");
         cert1.setKeyAlgorithm("SHA256withRSA");
         cert1.setKeySize("2048");
@@ -870,7 +870,7 @@ public class ConfigurationTest {
 
         systemCerts.add(cert1);
 
-        CertData cert3 = new CertData();
+        SystemCertData cert3 = new SystemCertData();
         cert3.setTag("sslserver");
         cert3.setKeyAlgorithm("SHA256withRSA");
         cert3.setKeySize("2048");
@@ -880,7 +880,7 @@ public class ConfigurationTest {
         cert3.setToken("Internal Key Storage Token");
         systemCerts.add(cert3);
 
-        CertData cert4 = new CertData();
+        SystemCertData cert4 = new SystemCertData();
         cert4.setTag("subsystem");
         cert4.setKeyAlgorithm("SHA256withRSA");
         cert4.setKeySize("2048");
@@ -890,7 +890,7 @@ public class ConfigurationTest {
         cert4.setToken("Internal Key Storage Token");
         systemCerts.add(cert4);
 
-        CertData cert5 = new CertData();
+        SystemCertData cert5 = new SystemCertData();
         cert5.setTag("audit_signing");
         cert5.setKeyAlgorithm("SHA256withRSA");
         cert5.setKeySize("2048");
@@ -906,19 +906,19 @@ public class ConfigurationTest {
         return data;
     }
 
-    private static ConfigurationData constructTKSData(String host, String port, String pin, String db_dir,
+    private static ConfigurationRequest constructTKSData(String host, String port, String pin, String db_dir,
             String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException,
             InvalidBERException {
-        ConfigurationData data = new ConfigurationData();
+        ConfigurationRequest data = new ConfigurationRequest();
         data.setPin(pin);
 
-        data.setSecurityDomainType(ConfigurationData.EXISTING_DOMAIN);
+        data.setSecurityDomainType(ConfigurationRequest.EXISTING_DOMAIN);
         data.setSecurityDomainUri("https://" + host + ":9225");
         data.setSecurityDomainUser("admin");
         data.setSecurityDomainPassword("redhat123");
 
         data.setIsClone("false");
-        data.setToken(ConfigurationData.TOKEN_DEFAULT);
+        data.setToken(ConfigurationRequest.TOKEN_DEFAULT);
         data.setSubsystemName("test tks subsystem");
 
         data.setDsHost(host);
@@ -949,9 +949,9 @@ public class ConfigurationTest {
         data.setIssuingCA("https://" + host + ":9224");
 
         // create system certs
-        Collection<CertData> systemCerts = new ArrayList<CertData>();
+        Collection<SystemCertData> systemCerts = new ArrayList<SystemCertData>();
 
-        CertData cert3 = new CertData();
+        SystemCertData cert3 = new SystemCertData();
         cert3.setTag("sslserver");
         cert3.setKeyAlgorithm("SHA256withRSA");
         cert3.setKeySize("2048");
@@ -961,7 +961,7 @@ public class ConfigurationTest {
         cert3.setToken("Internal Key Storage Token");
         systemCerts.add(cert3);
 
-        CertData cert4 = new CertData();
+        SystemCertData cert4 = new SystemCertData();
         cert4.setTag("subsystem");
         cert4.setKeyAlgorithm("SHA256withRSA");
         cert4.setKeySize("2048");
@@ -971,7 +971,7 @@ public class ConfigurationTest {
         cert4.setToken("Internal Key Storage Token");
         systemCerts.add(cert4);
 
-        CertData cert5 = new CertData();
+        SystemCertData cert5 = new SystemCertData();
         cert5.setTag("audit_signing");
         cert5.setKeyAlgorithm("SHA256withRSA");
         cert5.setKeySize("2048");
diff --git a/base/common/src/CMakeLists.txt b/base/common/src/CMakeLists.txt
index f93083d79..fc6204b2a 100644
--- a/base/common/src/CMakeLists.txt
+++ b/base/common/src/CMakeLists.txt
@@ -173,6 +173,7 @@ install(
 
 set(PKI_CERTSRV_JAR ${CMAKE_BINARY_DIR}/dist/pki-certsrv.jar CACHE INTERNAL "pki-certsrv jar file")
 
+
 # build pki-cms
 javac(pki-cms-classes
     SOURCES
@@ -333,3 +334,35 @@ install(
 )
 
 set(PKI_CMSBUNDLE_JAR ${CMAKE_BINARY_DIR}/dist/pki-cmsbundle.jar INTERNAL "pki-cmsbundle jar file")
+
+
+# build pki-client
+jar(pki-client-jar
+    CREATE
+        ${CMAKE_BINARY_DIR}/dist/pki-client-${APPLICATION_VERSION}.jar
+    INPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    FILES
+        com/netscape/cms/client/*.class
+    DEPENDS
+        pki-cms
+)
+
+link(pki-client
+    SOURCE
+        ${CMAKE_BINARY_DIR}/dist/pki-client.jar
+    DEST
+        pki-client-${APPLICATION_VERSION}.jar
+    DEPENDS
+        pki-client-jar
+)
+
+install(
+    FILES
+        ${CMAKE_BINARY_DIR}/dist/pki-client.jar
+        ${CMAKE_BINARY_DIR}/dist/pki-client-${APPLICATION_VERSION}.jar
+    DESTINATION
+        ${JAVA_JAR_INSTALL_DIR}/pki
+)
+
+set(PKI_CLIENT_JAR ${CMAKE_BINARY_DIR}/dist/pki-client.jar CACHE INTERNAL "pki-client jar file")
diff --git a/base/common/src/com/netscape/cms/servlet/base/BadRequestException.java b/base/common/src/com/netscape/certsrv/base/BadRequestException.java
index b5c5e0b12..48face306 100644
--- a/base/common/src/com/netscape/cms/servlet/base/BadRequestException.java
+++ b/base/common/src/com/netscape/certsrv/base/BadRequestException.java
@@ -15,10 +15,10 @@
 // (C) 2007 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.base;
+package com.netscape.certsrv.base;
 import javax.ws.rs.core.Response;
 
-public class BadRequestException extends CMSException {
+public class BadRequestException extends PKIException {
 
     private static final long serialVersionUID = -4784839378360933483L;
 
diff --git a/base/common/src/com/netscape/cms/servlet/base/model/Link.java b/base/common/src/com/netscape/certsrv/base/Link.java
index 336092abe..427d1c275 100644
--- a/base/common/src/com/netscape/cms/servlet/base/model/Link.java
+++ b/base/common/src/com/netscape/certsrv/base/Link.java
@@ -15,7 +15,7 @@
 // (C) 2011 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---/**
-package com.netscape.cms.servlet.base.model;
+package com.netscape.certsrv.base;
 
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlRootElement;
diff --git a/base/common/src/com/netscape/cms/servlet/base/CMSException.java b/base/common/src/com/netscape/certsrv/base/PKIException.java
index 5ceb30ee1..6afb8f72b 100644
--- a/base/common/src/com/netscape/cms/servlet/base/CMSException.java
+++ b/base/common/src/com/netscape/certsrv/base/PKIException.java
@@ -15,7 +15,7 @@
 // (C) 2007 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.base;
+package com.netscape.certsrv.base;
 
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
@@ -35,43 +35,43 @@ import javax.xml.bind.annotation.XmlValue;
 import javax.xml.bind.annotation.adapters.XmlAdapter;
 import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
 
-public class CMSException extends RuntimeException {
+public class PKIException extends RuntimeException {
 
     private static final long serialVersionUID = 6000910362260369923L;
 
     public int code;
 
-    public CMSException(String message) {
+    public PKIException(String message) {
         super(message);
         code = Response.Status.INTERNAL_SERVER_ERROR.getStatusCode();
     }
 
-    public CMSException(int code, String message) {
+    public PKIException(int code, String message) {
         super(message);
         this.code = code;
     }
 
-    public CMSException(Response.Status status, String message) {
+    public PKIException(Response.Status status, String message) {
         super(message);
         code = status.getStatusCode();
     }
 
-    public CMSException(String message, Throwable cause) {
+    public PKIException(String message, Throwable cause) {
         super(message, cause);
         code = Response.Status.INTERNAL_SERVER_ERROR.getStatusCode();
     }
 
-    public CMSException(int code, String message, Throwable cause) {
+    public PKIException(int code, String message, Throwable cause) {
         super(message, cause);
         this.code = code;
     }
 
-    public CMSException(Response.Status status, String message, Throwable cause) {
+    public PKIException(Response.Status status, String message, Throwable cause) {
         super(message, cause);
         code = status.getStatusCode();
     }
 
-    public CMSException(Data data) {
+    public PKIException(Data data) {
         super(data.message);
         code = data.code;
     }
@@ -92,7 +92,7 @@ public class CMSException extends RuntimeException {
         return data;
     }
 
-    @XmlRootElement(name="CMSException")
+    @XmlRootElement(name="PKIException")
     public static class Data {
 
         @XmlElement(name="ClassName")
@@ -154,10 +154,10 @@ public class CMSException extends RuntimeException {
     }
 
     @Provider
-    public static class Mapper implements ExceptionMapper<CMSException> {
+    public static class Mapper implements ExceptionMapper<PKIException> {
 
-        public Response toResponse(CMSException exception) {
-            // convert CMSException into HTTP response with XML content
+        public Response toResponse(PKIException exception) {
+            // convert PKIException into HTTP response with XML content
             return Response
                     .status(exception.getCode())
                     .entity(exception.getData())
@@ -168,7 +168,7 @@ public class CMSException extends RuntimeException {
 
     public static void main(String args[]) throws Exception {
         Data data = new Data();
-        data.className = CMSException.class.getName();
+        data.className = PKIException.class.getName();
         data.code = Response.Status.INTERNAL_SERVER_ERROR.getStatusCode();
         data.message = "An error has occured";
         data.setAttribute("attr1", "value1");
diff --git a/base/common/src/com/netscape/cms/servlet/base/UnauthorizedException.java b/base/common/src/com/netscape/certsrv/base/UnauthorizedException.java
index 7dfa3d6d4..f82c06754 100644
--- a/base/common/src/com/netscape/cms/servlet/base/UnauthorizedException.java
+++ b/base/common/src/com/netscape/certsrv/base/UnauthorizedException.java
@@ -16,14 +16,15 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 
-package com.netscape.cms.servlet.base;
+package com.netscape.certsrv.base;
 
 import javax.ws.rs.core.Response;
 
+
 /**
  * @author Endi S. Dewata
  */
-public class UnauthorizedException extends CMSException {
+public class UnauthorizedException extends PKIException {
 
     private static final long serialVersionUID = -2025082875126996556L;
 
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java b/base/common/src/com/netscape/certsrv/cert/CertData.java
index bfdb894cb..58f7fcd2c 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertData.java
@@ -15,7 +15,7 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert.model;
+package com.netscape.certsrv.cert;
 
 import java.io.PrintWriter;
 import java.io.StringReader;
@@ -38,17 +38,17 @@ import com.netscape.certsrv.dbs.certdb.CertIdAdapter;
  * @author alee
  *
  */
-@XmlRootElement(name = "CertificateData")
-public class CertificateData {
+@XmlRootElement(name = "CertData")
+public class CertData {
 
     public static Marshaller marshaller;
     public static Unmarshaller unmarshaller;
 
     static {
         try {
-            marshaller = JAXBContext.newInstance(CertificateData.class).createMarshaller();
+            marshaller = JAXBContext.newInstance(CertData.class).createMarshaller();
             marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
-            unmarshaller = JAXBContext.newInstance(CertificateData.class).createUnmarshaller();
+            unmarshaller = JAXBContext.newInstance(CertData.class).createUnmarshaller();
         } catch (Exception e) {
             e.printStackTrace();
         }
@@ -181,7 +181,7 @@ public class CertificateData {
             return false;
         if (getClass() != obj.getClass())
             return false;
-        CertificateData other = (CertificateData) obj;
+        CertData other = (CertData) obj;
         if (encoded == null) {
             if (other.encoded != null)
                 return false;
@@ -241,9 +241,9 @@ public class CertificateData {
         }
     }
 
-    public static CertificateData valueOf(String string) throws Exception {
+    public static CertData valueOf(String string) throws Exception {
         try {
-            return (CertificateData)unmarshaller.unmarshal(new StringReader(string));
+            return (CertData)unmarshaller.unmarshal(new StringReader(string));
         } catch (Exception e) {
             return null;
         }
@@ -268,7 +268,7 @@ public class CertificateData {
         out.println("bFBr+Gwk2VF2wJvOhTXU2hN8sfkkd9clzIXuL8WCDhWk1bY=");
         out.println("-----END CERTIFICATE-----");
 
-        CertificateData before = new CertificateData();
+        CertData before = new CertData();
         before.setSerialNumber(new CertId("12512514865863765114"));
         before.setIssuerDN("CN=Test User,UID=testuser,O=EXAMPLE-COM");
         before.setSubjectDN("CN=Test User,UID=testuser,O=EXAMPLE-COM");
@@ -277,7 +277,7 @@ public class CertificateData {
         String string = before.toString();
         System.out.println(string);
 
-        CertificateData after = CertificateData.valueOf(string);
+        CertData after = CertData.valueOf(string);
         System.out.println(before.equals(after));
     }
 }
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java b/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java
index 4c6a9b19e..969e3e371 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java
@@ -18,7 +18,7 @@
 /**
  *
  */
-package com.netscape.cms.servlet.cert.model;
+package com.netscape.certsrv.cert;
 
 import java.io.StringReader;
 import java.io.StringWriter;
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfos.java b/base/common/src/com/netscape/certsrv/cert/CertDataInfos.java
index 189c58cbe..475e90815 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfos.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertDataInfos.java
@@ -15,7 +15,7 @@
 //(C) 2012 Red Hat, Inc.
 //All rights reserved.
 //--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert.model;
+package com.netscape.certsrv.cert;
 
 import java.util.ArrayList;
 import java.util.Collection;
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/EnrollmentRequestData.java b/base/common/src/com/netscape/certsrv/cert/CertEnrollmentRequest.java
index caff0261d..fefef9a46 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/EnrollmentRequestData.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertEnrollmentRequest.java
@@ -19,7 +19,7 @@
 /**
  *
  */
-package com.netscape.cms.servlet.request.model;
+package com.netscape.certsrv.cert;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
@@ -39,17 +39,17 @@ import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 
-import com.netscape.cms.servlet.profile.model.ProfileInput;
-import com.netscape.cms.servlet.profile.model.ProfileOutput;
+import com.netscape.certsrv.profile.ProfileInput;
+import com.netscape.certsrv.profile.ProfileOutput;
 
 /**
  * @author jmagne
  *
  */
 
-@XmlRootElement(name = "EnrollmentRequest")
+@XmlRootElement(name = "CertEnrollmentRequest")
 @XmlAccessorType(XmlAccessType.FIELD)
-public class EnrollmentRequestData {
+public class CertEnrollmentRequest {
 
     private static final String PROFILE_ID = "profileId";
     private static final String RENEWAL = "renewal";
@@ -76,11 +76,11 @@ public class EnrollmentRequestData {
     @XmlElement(name = "Output")
     protected List<ProfileOutput> outputs = new ArrayList<ProfileOutput>();
 
-    public EnrollmentRequestData() {
+    public CertEnrollmentRequest() {
         // required for jaxb
     }
 
-    public EnrollmentRequestData(MultivaluedMap<String, String> form) {
+    public CertEnrollmentRequest(MultivaluedMap<String, String> form) {
         profileId = form.getFirst(PROFILE_ID);
         String renewalStr = form.getFirst(RENEWAL);
         serialNum = form.getFirst(SERIAL_NUM);
@@ -211,7 +211,7 @@ public class EnrollmentRequestData {
     }
 
     public static void main(String args[]) throws Exception {
-        EnrollmentRequestData data = new EnrollmentRequestData();
+        CertEnrollmentRequest data = new CertEnrollmentRequest();
         data.setProfileId("caUserCert");
         data.setIsRenewal(false);
 
@@ -240,7 +240,7 @@ public class EnrollmentRequestData {
         submitter.setInputAttr("requestor_phone", "650-555-5555");
 
         try {
-            JAXBContext context = JAXBContext.newInstance(EnrollmentRequestData.class);
+            JAXBContext context = JAXBContext.newInstance(CertEnrollmentRequest.class);
             Marshaller marshaller = context.createMarshaller();
             marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
 
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java b/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java
index 11948ee39..ce0962a84 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java
@@ -15,14 +15,14 @@
 // (C) 2007 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
+package com.netscape.certsrv.cert;
 
 import javax.ws.rs.core.Response;
 
+import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.dbs.certdb.CertId;
-import com.netscape.cms.servlet.base.CMSException;
 
-public class CertNotFoundException extends CMSException {
+public class CertNotFoundException extends PKIException {
 
     private static final long serialVersionUID = -4784839378360933483L;
 
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestInfo.java b/base/common/src/com/netscape/certsrv/cert/CertRequestInfo.java
index 0754fe547..d11e94543 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestInfo.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertRequestInfo.java
@@ -16,7 +16,7 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 
-package com.netscape.cms.servlet.request.model;
+package com.netscape.certsrv.cert;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
@@ -24,6 +24,7 @@ import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 
 import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.request.CMSRequestInfo;
 
 @XmlRootElement(name = "CertRequestInfo")
 @XmlAccessorType(XmlAccessType.FIELD)
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestInfos.java b/base/common/src/com/netscape/certsrv/cert/CertRequestInfos.java
index a4c39a33e..028bff583 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestInfos.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertRequestInfos.java
@@ -15,7 +15,7 @@
 // (C) 2011 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request.model;
+package com.netscape.certsrv.cert;
 
 import java.util.Collection;
 import java.util.List;
@@ -24,7 +24,7 @@ import javax.xml.bind.annotation.XmlElementRef;
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlTransient;
 
-import com.netscape.cms.servlet.base.model.Link;
+import com.netscape.certsrv.base.Link;
 
 @XmlRootElement(name = "CertRequestInfos")
 public class CertRequestInfos {
diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java
index fc06e5e10..1a186f627 100644
--- a/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java
@@ -15,7 +15,7 @@
 // (C) 2007 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request;
+package com.netscape.certsrv.cert;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DefaultValue;
@@ -29,10 +29,6 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 
 import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData;
-import com.netscape.cms.servlet.request.model.CertRequestInfo;
-import com.netscape.cms.servlet.request.model.CertRequestInfos;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
 
 @Path("")
 public interface CertRequestResource {
@@ -66,7 +62,7 @@ public interface CertRequestResource {
     @GET
     @Path("agent/certrequests/{id}")
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public AgentEnrollmentRequestData reviewRequest(@PathParam("id") RequestId id);
+    public CertReviewResponse reviewRequest(@PathParam("id") RequestId id);
 
     // Enrollment - used to test integration with a browser
     @POST
@@ -79,40 +75,40 @@ public interface CertRequestResource {
     @Path("certrequests")
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public CertRequestInfos enrollCert(EnrollmentRequestData data);
+    public CertRequestInfos enrollCert(CertEnrollmentRequest data);
 
     @POST
     @Path("agent/certrequests/{id}/approve")
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public void approveRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
+    public void approveRequest(@PathParam("id") RequestId id, CertReviewResponse data);
 
     @POST
     @Path("agent/certrequests/{id}/reject")
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public void rejectRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
+    public void rejectRequest(@PathParam("id") RequestId id, CertReviewResponse data);
 
     @POST
     @Path("agent/certrequests/{id}/cancel")
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public void cancelRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
+    public void cancelRequest(@PathParam("id") RequestId id, CertReviewResponse data);
 
     @POST
     @Path("agent/certrequests/{id}/update")
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public void updateRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
+    public void updateRequest(@PathParam("id") RequestId id, CertReviewResponse data);
 
     @POST
     @Path("agent/certrequests/{id}/validate")
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public void validateRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
+    public void validateRequest(@PathParam("id") RequestId id, CertReviewResponse data);
 
     @POST
     @Path("agent/certrequests/{id}/unassign")
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public void unassignRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
+    public void unassignRequest(@PathParam("id") RequestId id, CertReviewResponse data);
 
     @POST
     @Path("agent/certrequests/{id}/assign")
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public void assignRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
+    public void assignRequest(@PathParam("id") RequestId id, CertReviewResponse data);
 }
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java b/base/common/src/com/netscape/certsrv/cert/CertResource.java
index f3a9d4129..1d5958824 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertResource.java
@@ -1,4 +1,4 @@
-package com.netscape.cms.servlet.cert;
+package com.netscape.certsrv.cert;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DefaultValue;
@@ -11,12 +11,6 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
 
 import com.netscape.certsrv.dbs.certdb.CertId;
-import com.netscape.cms.servlet.cert.model.CertDataInfos;
-import com.netscape.cms.servlet.cert.model.CertRevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertSearchData;
-import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertificateData;
-import com.netscape.cms.servlet.request.model.CertRequestInfo;
 
 @Path("")
 public interface CertResource {
@@ -37,14 +31,14 @@ public interface CertResource {
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     public CertDataInfos searchCerts(
-            CertSearchData data,
+            CertSearchRequest data,
             @QueryParam("start") Integer start,
             @QueryParam("size") Integer size);
 
     @GET
     @Path("certs/{id}")
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public CertificateData getCert(@PathParam("id") CertId id);
+    public CertData getCert(@PathParam("id") CertId id);
 
     @POST
     @Path("agent/certs/{id}/revoke-ca")
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CertRetrievalRequestData.java b/base/common/src/com/netscape/certsrv/cert/CertRetrievalRequest.java
index 72e437c17..ac8ea079a 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/CertRetrievalRequestData.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertRetrievalRequest.java
@@ -19,7 +19,7 @@
 /**
  *
  */
-package com.netscape.cms.servlet.request.model;
+package com.netscape.certsrv.cert;
 
 import javax.ws.rs.core.MultivaluedMap;
 import javax.xml.bind.annotation.XmlAccessType;
@@ -39,7 +39,7 @@ import com.netscape.certsrv.request.RequestIdAdapter;
  */
 @XmlRootElement(name = "CertRetrievalRequest")
 @XmlAccessorType(XmlAccessType.FIELD)
-public class CertRetrievalRequestData {
+public class CertRetrievalRequest {
 
     private static final String CERT_ID = "certId";
 
@@ -51,11 +51,11 @@ public class CertRetrievalRequestData {
     @XmlJavaTypeAdapter(RequestIdAdapter.class)
     protected RequestId requestId;
 
-    public CertRetrievalRequestData() {
+    public CertRetrievalRequest() {
         // required for JAXB (defaults)
     }
 
-    public CertRetrievalRequestData(MultivaluedMap<String, String> form) {
+    public CertRetrievalRequest(MultivaluedMap<String, String> form) {
         if (form.containsKey(CERT_ID)) {
             certId = new CertId(form.getFirst(CERT_ID));
         }
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/AgentEnrollmentRequestData.java b/base/common/src/com/netscape/certsrv/cert/CertReviewResponse.java
index fb0874353..776c90567 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/AgentEnrollmentRequestData.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertReviewResponse.java
@@ -15,7 +15,7 @@
 //(C) 2012 Red Hat, Inc.
 //All rights reserved.
 //--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request.model;
+package com.netscape.certsrv.cert;
 
 import java.io.ByteArrayOutputStream;
 import java.util.ArrayList;
@@ -30,16 +30,16 @@ import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
 
+import com.netscape.certsrv.profile.PolicyDefault;
+import com.netscape.certsrv.profile.ProfileAttribute;
+import com.netscape.certsrv.profile.ProfilePolicy;
+import com.netscape.certsrv.profile.ProfilePolicySet;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestIdAdapter;
-import com.netscape.cms.servlet.profile.model.PolicyDefault;
-import com.netscape.cms.servlet.profile.model.ProfileAttribute;
-import com.netscape.cms.servlet.profile.model.ProfilePolicy;
-import com.netscape.cms.servlet.profile.model.ProfilePolicySet;
 
 @XmlRootElement
 @XmlAccessorType(XmlAccessType.FIELD)
-public class AgentEnrollmentRequestData extends EnrollmentRequestData {
+public class CertReviewResponse extends CertEnrollmentRequest {
 
     @XmlElement(name="ProfilePolicySet")
     protected List<ProfilePolicySet> policySets = new ArrayList<ProfilePolicySet>();
@@ -198,7 +198,7 @@ public class AgentEnrollmentRequestData extends EnrollmentRequestData {
 
     public String toString() {
         try {
-            JAXBContext context = JAXBContext.newInstance(AgentEnrollmentRequestData.class);
+            JAXBContext context = JAXBContext.newInstance(CertReviewResponse.class);
             Marshaller marshaller = context.createMarshaller();
             marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
 
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertRevokeRequest.java b/base/common/src/com/netscape/certsrv/cert/CertRevokeRequest.java
index ef9ccebc3..7b86286ce 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertRevokeRequest.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertRevokeRequest.java
@@ -16,7 +16,7 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 
-package com.netscape.cms.servlet.cert.model;
+package com.netscape.certsrv.cert;
 
 import java.io.StringReader;
 import java.io.StringWriter;
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
index 44092ac16..5ae8596ba 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
@@ -18,7 +18,7 @@
 
 // TODO: This class is brute force. Come up with a way to divide these search filter entities into
 // smaller classes
-package com.netscape.cms.servlet.cert.model;
+package com.netscape.certsrv.cert;
 
 import java.io.Reader;
 import java.util.Calendar;
@@ -40,9 +40,9 @@ import com.netscape.cmsutil.ldap.LDAPUtil;
  * @author jmagne
  *
  */
-@XmlRootElement(name = "CertSearchData")
+@XmlRootElement(name = "CertSearchRequest")
 @XmlAccessorType(XmlAccessType.FIELD)
-public class CertSearchData {
+public class CertSearchRequest {
 
     private final static String MATCH_EXACTLY = "exact";
     //Serial Number
@@ -537,7 +537,7 @@ public class CertSearchData {
         this.certTypeSSLServer = SSLServer;
     }
 
-    public CertSearchData() {
+    public CertSearchRequest() {
         // required for JAXB (defaults)
     }
 
@@ -548,7 +548,7 @@ public class CertSearchData {
         }
     }
 
-    public CertSearchData(MultivaluedMap<String, String> form) {
+    public CertSearchRequest(MultivaluedMap<String, String> form) {
     }
 
     public String buildFilter() {
@@ -854,9 +854,9 @@ public class CertSearchData {
         this.searchFilter = searchFilter;
     }
 
-    public static CertSearchData valueOf(Reader reader) throws JAXBException {
-        JAXBContext context = JAXBContext.newInstance(CertSearchData.class);
+    public static CertSearchRequest valueOf(Reader reader) throws JAXBException {
+        JAXBContext context = JAXBContext.newInstance(CertSearchRequest.class);
         Unmarshaller unmarshaller = context.createUnmarshaller();
-        return (CertSearchData) unmarshaller.unmarshal(reader);
+        return (CertSearchRequest) unmarshaller.unmarshal(reader);
     }
 }
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertUnrevokeRequest.java b/base/common/src/com/netscape/certsrv/cert/CertUnrevokeRequest.java
index 98d24d363..7885482be 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertUnrevokeRequest.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertUnrevokeRequest.java
@@ -16,7 +16,7 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 
-package com.netscape.cms.servlet.cert.model;
+package com.netscape.certsrv.cert;
 
 import java.io.StringReader;
 import java.io.StringWriter;
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/ArchivalRequestData.java b/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java
index bcc51bf96..2d2d84c94 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/ArchivalRequestData.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java
@@ -19,21 +19,21 @@
 /**
  *
  */
-package com.netscape.cms.servlet.request.model;
+package com.netscape.certsrv.key;
 
 import javax.ws.rs.core.MultivaluedMap;
 import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
 
 /**
  * @author alee
  *
  */
-@XmlRootElement(name="SecurityDataArchivalRequest")
+@XmlRootElement(name="KeyArchivalRequest")
 @XmlAccessorType(XmlAccessType.FIELD)
-public class ArchivalRequestData {
+public class KeyArchivalRequest {
 
     private static final String CLIENT_ID = "clientID";
     private static final String TRANS_WRAPPED_SESSION_KEY = "transWrappedSessionKey";
@@ -52,11 +52,11 @@ public class ArchivalRequestData {
     @XmlElement
     protected String wrappedPrivateData;
 
-    public ArchivalRequestData() {
+    public KeyArchivalRequest() {
         // required for JAXB (defaults)
     }
 
-    public ArchivalRequestData(MultivaluedMap<String, String> form) {
+    public KeyArchivalRequest(MultivaluedMap<String, String> form) {
         clientId = form.getFirst(CLIENT_ID);
         transWrappedSessionKey = form.getFirst(TRANS_WRAPPED_SESSION_KEY);
         dataType = form.getFirst(DATA_TYPE);
diff --git a/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java b/base/common/src/com/netscape/certsrv/key/KeyData.java
index 2ff2b5d0c..63c0591c2 100644
--- a/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyData.java
@@ -19,7 +19,7 @@
 /**
  *
  */
-package com.netscape.cms.servlet.key.model;
+package com.netscape.certsrv.key;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlRootElement;
diff --git a/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfo.java b/base/common/src/com/netscape/certsrv/key/KeyDataInfo.java
index 6fd9649fb..6f4751dcc 100644
--- a/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfo.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyDataInfo.java
@@ -18,7 +18,7 @@
 /**
  *
  */
-package com.netscape.cms.servlet.key.model;
+package com.netscape.certsrv.key;
 
 
 import javax.xml.bind.annotation.XmlAccessType;
diff --git a/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfos.java b/base/common/src/com/netscape/certsrv/key/KeyDataInfos.java
index 79e5add95..c04820299 100644
--- a/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfos.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyDataInfos.java
@@ -15,7 +15,7 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key.model;
+package com.netscape.certsrv.key;
 
 import java.util.Collection;
 import java.util.List;
@@ -24,7 +24,7 @@ import javax.xml.bind.annotation.XmlElementRef;
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlTransient;
 
-import com.netscape.cms.servlet.base.model.Link;
+import com.netscape.certsrv.base.Link;
 
 @XmlRootElement(name = "SecurityDataInfos")
 public class KeyDataInfos {
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/RecoveryRequestData.java b/base/common/src/com/netscape/certsrv/key/KeyRecoveryRequest.java
index 335414792..d14f61241 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/RecoveryRequestData.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyRecoveryRequest.java
@@ -19,13 +19,13 @@
 /**
  *
  */
-package com.netscape.cms.servlet.request.model;
+package com.netscape.certsrv.key;
 
 import javax.ws.rs.core.MultivaluedMap;
 import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
 
 import com.netscape.certsrv.dbs.keydb.KeyId;
@@ -37,9 +37,9 @@ import com.netscape.certsrv.request.RequestIdAdapter;
  * @author alee
  *
  */
-@XmlRootElement(name="SecurityDataRecoveryRequest")
+@XmlRootElement(name="KeyRecoveryRequest")
 @XmlAccessorType(XmlAccessType.FIELD)
-public class RecoveryRequestData {
+public class KeyRecoveryRequest {
 
     private static final String KEY_ID = "keyId";
     private static final String REQUEST_ID = "requestId";
@@ -64,11 +64,11 @@ public class RecoveryRequestData {
     @XmlElement
     protected String nonceData;
 
-    public RecoveryRequestData() {
+    public KeyRecoveryRequest() {
         // required for JAXB (defaults)
     }
 
-    public RecoveryRequestData(MultivaluedMap<String, String> form) {
+    public KeyRecoveryRequest(MultivaluedMap<String, String> form) {
         if (form.containsKey(KEY_ID)) {
             keyId = new KeyId(form.getFirst(KEY_ID));
         }
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestInfo.java b/base/common/src/com/netscape/certsrv/key/KeyRequestInfo.java
index 91d5f8210..2a0e062e5 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestInfo.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyRequestInfo.java
@@ -16,7 +16,7 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 
-package com.netscape.cms.servlet.request.model;
+package com.netscape.certsrv.key;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
@@ -24,6 +24,7 @@ import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 
 import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.request.CMSRequestInfo;
 
 @XmlRootElement(name = "SecurityDataRequestInfo")
 @XmlAccessorType(XmlAccessType.FIELD)
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestInfos.java b/base/common/src/com/netscape/certsrv/key/KeyRequestInfos.java
index dc1b6a5e4..67e6fdf5c 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestInfos.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyRequestInfos.java
@@ -15,7 +15,7 @@
 // (C) 2011 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request.model;
+package com.netscape.certsrv.key;
 
 import java.util.Collection;
 import java.util.List;
@@ -24,7 +24,7 @@ import javax.xml.bind.annotation.XmlElementRef;
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlTransient;
 
-import com.netscape.cms.servlet.base.model.Link;
+import com.netscape.certsrv.base.Link;
 
 @XmlRootElement(name = "SecurityDataRequestInfos")
 public class KeyRequestInfos {
diff --git a/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
index 9ed2eb2a1..7fecd0610 100644
--- a/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
@@ -1,4 +1,4 @@
-package com.netscape.cms.servlet.request;
+package com.netscape.certsrv.key;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DefaultValue;
@@ -12,10 +12,6 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 
 import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.servlet.request.model.ArchivalRequestData;
-import com.netscape.cms.servlet.request.model.KeyRequestInfo;
-import com.netscape.cms.servlet.request.model.KeyRequestInfos;
-import com.netscape.cms.servlet.request.model.RecoveryRequestData;
 
 @Path("agent/keyrequests")
 public interface KeyRequestResource {
@@ -62,7 +58,7 @@ public interface KeyRequestResource {
     @Path("archive")
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public KeyRequestInfo archiveKey(ArchivalRequestData data);
+    public KeyRequestInfo archiveKey(KeyArchivalRequest data);
 
     //Recovery - used to test integration with a browser
     @POST
@@ -75,7 +71,7 @@ public interface KeyRequestResource {
     @Path("recover")
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public KeyRequestInfo recoverKey(RecoveryRequestData data);
+    public KeyRequestInfo recoverKey(KeyRecoveryRequest data);
 
     @POST
     @Path("{id}/approve")
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyResource.java b/base/common/src/com/netscape/certsrv/key/KeyResource.java
index 4d352eaea..a499ca11f 100644
--- a/base/common/src/com/netscape/cms/servlet/key/KeyResource.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyResource.java
@@ -1,4 +1,4 @@
-package com.netscape.cms.servlet.key;
+package com.netscape.certsrv.key;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DefaultValue;
@@ -10,9 +10,6 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 
-import com.netscape.cms.servlet.key.model.KeyData;
-import com.netscape.cms.servlet.key.model.KeyDataInfos;
-import com.netscape.cms.servlet.request.model.RecoveryRequestData;
 
 @Path("agent/keys")
 public interface KeyResource {
@@ -37,7 +34,7 @@ public interface KeyResource {
     @Path("retrieve")
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public KeyData retrieveKey(RecoveryRequestData data);
+    public KeyData retrieveKey(KeyRecoveryRequest data);
 
     // retrieval - used to test integration with a browser
     @POST
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/PolicyConstraint.java b/base/common/src/com/netscape/certsrv/profile/PolicyConstraint.java
index 588431a83..8b43661a2 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/PolicyConstraint.java
+++ b/base/common/src/com/netscape/certsrv/profile/PolicyConstraint.java
@@ -15,7 +15,7 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.certsrv.profile;
 
 import java.util.ArrayList;
 import java.util.List;
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/PolicyConstraintValue.java b/base/common/src/com/netscape/certsrv/profile/PolicyConstraintValue.java
index 7b60e7ea6..5241ad832 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/PolicyConstraintValue.java
+++ b/base/common/src/com/netscape/certsrv/profile/PolicyConstraintValue.java
@@ -15,7 +15,7 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.certsrv.profile;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/PolicyDefault.java b/base/common/src/com/netscape/certsrv/profile/PolicyDefault.java
index 2c66fc9dc..2b95cf5f0 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/PolicyDefault.java
+++ b/base/common/src/com/netscape/certsrv/profile/PolicyDefault.java
@@ -15,7 +15,7 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.certsrv.profile;
 
 import java.util.ArrayList;
 import java.util.List;
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileAttribute.java b/base/common/src/com/netscape/certsrv/profile/ProfileAttribute.java
index 616c0695d..9c889bb8a 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileAttribute.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfileAttribute.java
@@ -15,7 +15,7 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.certsrv.profile;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileData.java b/base/common/src/com/netscape/certsrv/profile/ProfileData.java
index 7f7f26b29..465981add 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileData.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfileData.java
@@ -19,7 +19,7 @@
 /**
  *
  */
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.certsrv.profile;
 
 import java.util.ArrayList;
 import java.util.Iterator;
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDataInfo.java b/base/common/src/com/netscape/certsrv/profile/ProfileDataInfo.java
index d5083c7a4..22062309d 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDataInfo.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfileDataInfo.java
@@ -16,7 +16,7 @@
 //All rights reserved.
 //--- END COPYRIGHT BLOCK ---
 
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.certsrv.profile;
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlElement;
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDataInfos.java b/base/common/src/com/netscape/certsrv/profile/ProfileDataInfos.java
index e14ac6641..ed2c11cf7 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDataInfos.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfileDataInfos.java
@@ -15,7 +15,7 @@
 //(C) 2012 Red Hat, Inc.
 //All rights reserved.
 //--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.certsrv.profile;
 
 import java.util.Collection;
 import java.util.List;
@@ -24,7 +24,7 @@ import javax.xml.bind.annotation.XmlElementRef;
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlTransient;
 
-import com.netscape.cms.servlet.base.model.Link;
+import com.netscape.certsrv.base.Link;
 
 @XmlRootElement(name = "ProfileDataInfos")
 public class ProfileDataInfos {
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileInput.java b/base/common/src/com/netscape/certsrv/profile/ProfileInput.java
index 631a013cc..64d2aafdb 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileInput.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfileInput.java
@@ -15,7 +15,7 @@
 // (C) 2007 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.certsrv.profile;
 
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileNotFoundException.java b/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java
index 30a1a5852..7a1c9ea62 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileNotFoundException.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java
@@ -15,13 +15,13 @@
 // (C) 2007 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
+package com.netscape.certsrv.profile;
 
 import javax.ws.rs.core.Response;
 
-import com.netscape.cms.servlet.base.CMSException;
+import com.netscape.certsrv.base.PKIException;
 
-public class ProfileNotFoundException extends CMSException {
+public class ProfileNotFoundException extends PKIException {
 
     private static final long serialVersionUID = -4784839378360933483L;
 
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileOutput.java b/base/common/src/com/netscape/certsrv/profile/ProfileOutput.java
index f27db4101..2e25f619d 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileOutput.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfileOutput.java
@@ -15,7 +15,7 @@
 // (C) 2007 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.certsrv.profile;
 
 import java.util.ArrayList;
 import java.util.List;
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfilePolicy.java b/base/common/src/com/netscape/certsrv/profile/ProfilePolicy.java
index a24f93619..d5f84f188 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/ProfilePolicy.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfilePolicy.java
@@ -15,7 +15,7 @@
 //(C) 2012 Red Hat, Inc.
 //All rights reserved.
 //--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.certsrv.profile;
 
 import java.io.ByteArrayOutputStream;
 
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfilePolicySet.java b/base/common/src/com/netscape/certsrv/profile/ProfilePolicySet.java
index 784f5670d..6c1dc2b9d 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/ProfilePolicySet.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfilePolicySet.java
@@ -15,7 +15,7 @@
 //(C) 2012 Red Hat, Inc.
 //All rights reserved.
 //--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.certsrv.profile;
 
 import java.util.ArrayList;
 import java.util.List;
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java b/base/common/src/com/netscape/certsrv/profile/ProfileResource.java
index cc32234b2..6dadef560 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfileResource.java
@@ -1,4 +1,4 @@
-package com.netscape.cms.servlet.profile;
+package com.netscape.certsrv.profile;
 
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
@@ -6,8 +6,6 @@ import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 
-import com.netscape.cms.servlet.profile.model.ProfileData;
-import com.netscape.cms.servlet.profile.model.ProfileDataInfos;
 
 @Path("agent/profiles")
 public interface ProfileResource {
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/ProfileRetrievalRequestData.java b/base/common/src/com/netscape/certsrv/profile/ProfileRetrievalRequest.java
index 7a0359587..608686b79 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/ProfileRetrievalRequestData.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfileRetrievalRequest.java
@@ -19,7 +19,7 @@
 /**
  *
  */
-package com.netscape.cms.servlet.request.model;
+package com.netscape.certsrv.profile;
 
 import javax.ws.rs.core.MultivaluedMap;
 import javax.xml.bind.annotation.XmlAccessType;
@@ -33,18 +33,18 @@ import javax.xml.bind.annotation.XmlRootElement;
  */
 @XmlRootElement(name = "ProfileRetrievalRequest")
 @XmlAccessorType(XmlAccessType.FIELD)
-public class ProfileRetrievalRequestData {
+public class ProfileRetrievalRequest {
 
     private static final String PROFILE_ID = "profileId";
 
     @XmlElement
     protected String profileId;
 
-    public ProfileRetrievalRequestData() {
+    public ProfileRetrievalRequest() {
         // required for JAXB (defaults)
     }
 
-    public ProfileRetrievalRequestData(MultivaluedMap<String, String> form) {
+    public ProfileRetrievalRequest(MultivaluedMap<String, String> form) {
         if (form.containsKey(PROFILE_ID)) {
             profileId = form.getFirst(PROFILE_ID);
         }
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestInfo.java b/base/common/src/com/netscape/certsrv/request/CMSRequestInfo.java
index f06334f6b..0be24fbb4 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestInfo.java
+++ b/base/common/src/com/netscape/certsrv/request/CMSRequestInfo.java
@@ -15,16 +15,13 @@
 //(C) 2012 Red Hat, Inc.
 //All rights reserved.
 //--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request.model;
+package com.netscape.certsrv.request;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
 
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.certsrv.request.RequestStatusAdapter;
 @XmlAccessorType(XmlAccessType.FIELD)
 public  class CMSRequestInfo {
 
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestInfos.java b/base/common/src/com/netscape/certsrv/request/CMSRequestInfos.java
index 63b2e56b1..cb07caf71 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestInfos.java
+++ b/base/common/src/com/netscape/certsrv/request/CMSRequestInfos.java
@@ -15,12 +15,12 @@
 //(C) 2011 Red Hat, Inc.
 //All rights reserved.
 //--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request.model;
+package com.netscape.certsrv.request;
 
 import java.util.Collection;
 import java.util.List;
 
-import com.netscape.cms.servlet.base.model.Link;
+import com.netscape.certsrv.base.Link;
 
 //Convenience class to simply hold a Collection of CMSRequests and a List of Links.
 public class CMSRequestInfos {
diff --git a/base/common/src/com/netscape/cms/servlet/request/RequestNotFoundException.java b/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java
index 5d6b5563b..3db10dd3a 100644
--- a/base/common/src/com/netscape/cms/servlet/request/RequestNotFoundException.java
+++ b/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java
@@ -1,11 +1,10 @@
-package com.netscape.cms.servlet.request;
+package com.netscape.certsrv.request;
 
 import javax.ws.rs.core.Response;
 
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.servlet.base.CMSException;
+import com.netscape.certsrv.base.PKIException;
 
-public class RequestNotFoundException extends CMSException {
+public class RequestNotFoundException extends PKIException {
 
     private static final long serialVersionUID = -4784839378360933483L;
 
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/model/ConfigurationData.java b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java
index 3c1bea86b..ac29b2da7 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/model/ConfigurationData.java
+++ b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java
@@ -15,7 +15,7 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin.model;
+package com.netscape.certsrv.system;
 
 import java.util.Collection;
 
@@ -30,9 +30,9 @@ import javax.xml.bind.annotation.XmlRootElement;
  * @author alee
  *
  */
-@XmlRootElement(name="ConfigurationData")
+@XmlRootElement(name="ConfigurationRequest")
 @XmlAccessorType(XmlAccessType.FIELD)
-public class ConfigurationData {
+public class ConfigurationRequest {
     private static final String PIN = "pin";
     private static final String TOKEN = "token";
     private static final String TOKEN_PASSWORD = "tokenPassword";
@@ -152,7 +152,7 @@ public class ConfigurationData {
     protected String replicationSecurity;
 
     @XmlElementRef
-    protected Collection<CertData> systemCerts;
+    protected Collection<SystemCertData> systemCerts;
 
     @XmlElement
     protected String issuingCA;
@@ -193,11 +193,11 @@ public class ConfigurationData {
     @XmlElement
     protected String stepTwo;
 
-    public ConfigurationData() {
+    public ConfigurationRequest() {
         // required for JAXB
     }
 
-    public ConfigurationData(MultivaluedMap<String, String> form) {
+    public ConfigurationRequest(MultivaluedMap<String, String> form) {
         pin = form.getFirst(PIN);
         token = form.getFirst(TOKEN);
         tokenPassword = form.getFirst(TOKEN_PASSWORD);
@@ -533,7 +533,7 @@ public class ConfigurationData {
      *
      * @return systemCerts
      */
-    public Collection<CertData> getSystemCerts() {
+    public Collection<SystemCertData> getSystemCerts() {
         return systemCerts;
     }
 
@@ -541,7 +541,7 @@ public class ConfigurationData {
      *
      * @param systemCerts
      */
-    public void setSystemCerts(Collection<CertData> systemCerts) {
+    public void setSystemCerts(Collection<SystemCertData> systemCerts) {
         this.systemCerts = systemCerts;
     }
 
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/model/ConfigurationResponseData.java b/base/common/src/com/netscape/certsrv/system/ConfigurationResponse.java
index d1656fdda..6d3275a51 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/model/ConfigurationResponseData.java
+++ b/base/common/src/com/netscape/certsrv/system/ConfigurationResponse.java
@@ -14,14 +14,13 @@
 //
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
-// --- END COPYRIGHT BLOCK --- 
-package com.netscape.cms.servlet.csadmin.model;
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.system;
 
 import java.security.cert.CertificateEncodingException;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Enumeration;
-import java.util.Vector;
+
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlElement;
@@ -31,69 +30,54 @@ import javax.xml.bind.annotation.XmlRootElement;
 import netscape.security.x509.X509CertImpl;
 
 import com.netscape.certsrv.apps.CMS;
-import com.netscape.cms.servlet.csadmin.Cert;
 
 /**
  * @author alee
  *
  */
-@XmlRootElement(name="ConfigurationResponseData")
+@XmlRootElement(name="ConfigurationResponse")
 @XmlAccessorType(XmlAccessType.FIELD)
-public class ConfigurationResponseData {
-    
+public class ConfigurationResponse {
+
     @XmlElementRef
-    protected Collection<CertData> systemCerts;
-    
+    protected Collection<SystemCertData> systemCerts;
+
     @XmlElement
-    protected CertData adminCert;
-    
+    protected SystemCertData adminCert;
+
     @XmlElement
     protected String status;
-    
-    public ConfigurationResponseData() {
-        systemCerts = new ArrayList<CertData>();
-        adminCert = new CertData();
-    }
-    
-    public void setSystemCerts(Vector<Cert> certs) {
-        systemCerts.clear();
-        Enumeration<Cert> e = certs.elements();
-        while (e.hasMoreElements()) {
-            Cert cert = e.nextElement();
-            CertData cdata = new CertData();
-            cdata.setCert(cert.getCert());
-            cdata.setRequest(cert.getRequest());
-            cdata.setTag(cert.getCertTag());
-            cdata.setCertChain(cert.getCertChain());
-            systemCerts.add(cdata);
-        }
+
+    public ConfigurationResponse() {
+        systemCerts = new ArrayList<SystemCertData>();
+        adminCert = new SystemCertData();
     }
-    
+
     /**
      * @return the systemCerts
      */
-    public Collection<CertData> getSystemCerts() {
+    public Collection<SystemCertData> getSystemCerts() {
         return systemCerts;
     }
 
     /**
      * @param systemCerts the systemCerts to set
      */
-    public void setSystemCerts(Collection<CertData> systemCerts) {
+    public void setSystemCerts(Collection<SystemCertData> systemCerts) {
         this.systemCerts = systemCerts;
     }
 
     /**
      * @return the adminCert
      */
-    public CertData getAdminCert() {
+    public SystemCertData getAdminCert() {
         return adminCert;
     }
 
     /**
      * @param adminCert the adminCert to set
      */
-    public void setAdminCert(CertData adminCert) {
+    public void setAdminCert(SystemCertData adminCert) {
         this.adminCert = adminCert;
     }
 
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/model/DomainInfo.java b/base/common/src/com/netscape/certsrv/system/DomainInfo.java
index 7ba351cb1..50b606af3 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/model/DomainInfo.java
+++ b/base/common/src/com/netscape/certsrv/system/DomainInfo.java
@@ -15,7 +15,7 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK --- 
-package com.netscape.cms.servlet.csadmin.model;
+package com.netscape.certsrv.system;
 
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/model/InstallToken.java b/base/common/src/com/netscape/certsrv/system/InstallToken.java
index 59284de37..aa34893a1 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/model/InstallToken.java
+++ b/base/common/src/com/netscape/certsrv/system/InstallToken.java
@@ -15,7 +15,7 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK --- 
-package com.netscape.cms.servlet.csadmin.model;
+package com.netscape.certsrv.system;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/model/InstallTokenRequest.java b/base/common/src/com/netscape/certsrv/system/InstallTokenRequest.java
index 40be4179d..bc000a96a 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/model/InstallTokenRequest.java
+++ b/base/common/src/com/netscape/certsrv/system/InstallTokenRequest.java
@@ -15,7 +15,7 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK --- 
-package com.netscape.cms.servlet.csadmin.model;
+package com.netscape.certsrv.system;
 
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlElement;
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/model/SecurityDomainHost.java b/base/common/src/com/netscape/certsrv/system/SecurityDomainHost.java
index cd12cfaf2..9dbf4e8a9 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/model/SecurityDomainHost.java
+++ b/base/common/src/com/netscape/certsrv/system/SecurityDomainHost.java
@@ -15,7 +15,7 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin.model;
+package com.netscape.certsrv.system;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/model/SecurityDomainHostList.java b/base/common/src/com/netscape/certsrv/system/SecurityDomainHostList.java
index 71922731e..375dee754 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/model/SecurityDomainHostList.java
+++ b/base/common/src/com/netscape/certsrv/system/SecurityDomainHostList.java
@@ -1,7 +1,7 @@
 /**
  * 
  */
-package com.netscape.cms.servlet.csadmin.model;
+package com.netscape.certsrv.system;
 
 import java.util.Collection;
 
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/model/CertData.java b/base/common/src/com/netscape/certsrv/system/SystemCertData.java
index d9e5e8005..a509e3fb5 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/model/CertData.java
+++ b/base/common/src/com/netscape/certsrv/system/SystemCertData.java
@@ -14,9 +14,9 @@
 //
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
-// --- END COPYRIGHT BLOCK --- 
- 
-package com.netscape.cms.servlet.csadmin.model;
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.certsrv.system;
 
 import javax.ws.rs.core.MultivaluedMap;
 import javax.xml.bind.annotation.XmlAccessType;
@@ -28,63 +28,63 @@ import javax.xml.bind.annotation.XmlRootElement;
  * @author alee
  *
  */
-@XmlRootElement(name="CertData")
+@XmlRootElement(name="SystemCertData")
 @XmlAccessorType(XmlAccessType.FIELD)
-public class CertData {
+public class SystemCertData {
     public static final String TAG = "tag";
     public static final String NICKNAME = "nickname";
     public static final String TOKEN = "token";
     public static final String KEY_TYPE = "keyType";
     public static final String KEY_ALGORITHM = "keyAlgorithm";
-    public static final String SIGNING_ALGORITHM = "signingAlgorithm";    
+    public static final String SIGNING_ALGORITHM = "signingAlgorithm";
     public static final String KEY_SIZE = "keySize";
     public static final String KEY_CURVENAME = "keyCurveName";
     public static final String REQUEST = "request";
     public static final String SUBJECT_DN = "subjectDN";
     public static final String CERT = "cert";
     public static final String CERT_CHAIN = "certChain";
-    
+
     @XmlElement
     protected String tag;
-    
+
     @XmlElement
     protected String nickname;
-    
+
     @XmlElement
     protected String token;
-    
+
     @XmlElement
     protected String keyType;
-    
+
     @XmlElement
     protected String keyAlgorithm;
-    
+
     @XmlElement
     protected String signingAlgorithm;
-    
+
     @XmlElement
     protected String keySize;
-    
+
     @XmlElement
     protected String keyCurveName;
-    
+
     @XmlElement
     protected String request;
-    
+
     @XmlElement
     protected String subjectDN;
-    
+
     @XmlElement
     protected String cert;
-    
+
     @XmlElement
     protected String certChain;
-    
-    public CertData() {
+
+    public SystemCertData() {
         // required for JAXB
     }
-    
-    public CertData(MultivaluedMap<String, String> form) {
+
+    public SystemCertData(MultivaluedMap<String, String> form) {
         tag = form.getFirst(TAG);
         nickname = form.getFirst(NICKNAME);
         token = form.getFirst(TOKEN);
@@ -266,5 +266,5 @@ public class CertData {
     public void setCertChain(String certChain) {
         this.certChain = certChain;
     }
-    
+
 }
diff --git a/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java b/base/common/src/com/netscape/certsrv/system/SystemCertificateResource.java
index aaf3fa129..1096520fc 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java
+++ b/base/common/src/com/netscape/certsrv/system/SystemCertificateResource.java
@@ -1,4 +1,4 @@
-package com.netscape.cms.servlet.admin;
+package com.netscape.certsrv.system;
 
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
@@ -8,7 +8,7 @@ import javax.ws.rs.core.Response;
 
 import org.jboss.resteasy.annotations.ClientResponseType;
 
-import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.certsrv.cert.CertData;
 
 @Path("config/cert")
 public interface SystemCertificateResource {
@@ -18,7 +18,7 @@ public interface SystemCertificateResource {
      */
     @GET
     @Path("transport")
-    @ClientResponseType(entityType=CertificateData.class)
+    @ClientResponseType(entityType=CertData.class)
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     public Response getTransportCert();
 
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResource.java b/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java
index 2918842c9..4ecafc6f7 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResource.java
+++ b/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java
@@ -15,7 +15,7 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
+package com.netscape.certsrv.system;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
@@ -25,29 +25,24 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 
-import com.netscape.cms.servlet.csadmin.model.ConfigurationData;
-import com.netscape.cms.servlet.csadmin.model.ConfigurationResponseData;
-import com.netscape.cms.servlet.csadmin.model.DomainInfo;
-import com.netscape.cms.servlet.csadmin.model.InstallToken;
-import com.netscape.cms.servlet.csadmin.model.InstallTokenRequest;
 
 /**
  * @author alee
  */
 @Path("installer")
-public interface SystemConfigurationResource {
+public interface SystemConfigResource {
 
     @POST
     @Path("configure")
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
-    public ConfigurationResponseData configure(MultivaluedMap<String, String> form);
+    public ConfigurationResponse configure(MultivaluedMap<String, String> form);
 
     @POST
     @Path("configure")
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public ConfigurationResponseData configure(ConfigurationData data);
+    public ConfigurationResponse configure(ConfigurationRequest data);
 
     @POST
     @Path("installToken")
diff --git a/base/common/src/com/netscape/cms/client/cli/ClientConfig.java b/base/common/src/com/netscape/cms/client/ClientConfig.java
index 8b5380805..7299d4d22 100644
--- a/base/common/src/com/netscape/cms/client/cli/ClientConfig.java
+++ b/base/common/src/com/netscape/cms/client/ClientConfig.java
@@ -16,7 +16,7 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 
-package com.netscape.cms.client.cli;
+package com.netscape.cms.client;
 
 import java.io.StringReader;
 import java.io.StringWriter;
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java b/base/common/src/com/netscape/cms/client/PKIClient.java
index 9d7f2f9ac..ddd47dab6 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
+++ b/base/common/src/com/netscape/cms/client/PKIClient.java
@@ -1,4 +1,4 @@
-package com.netscape.cms.servlet.csadmin;
+package com.netscape.cms.client;
 
 import java.io.File;
 import java.io.IOException;
@@ -50,9 +50,8 @@ import org.mozilla.jss.crypto.AlreadyInitializedException;
 import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
 import org.mozilla.jss.ssl.SSLSocket;
 
-import com.netscape.cms.client.cli.ClientConfig;
 
-public abstract class CMSRestClient {
+public abstract class PKIClient {
 
     protected boolean verbose;
 
@@ -62,7 +61,7 @@ public abstract class CMSRestClient {
     protected ClientErrorHandler errorHandler;
     protected ClientExecutor executor;
 
-    public CMSRestClient(ClientConfig config) {
+    public PKIClient(ClientConfig config) {
         this.config = config;
 
         DefaultHttpClient httpClient = new DefaultHttpClient();
@@ -147,7 +146,7 @@ public abstract class CMSRestClient {
 
         executor = new ApacheHttpClient4Executor(httpClient);
         providerFactory = ResteasyProviderFactory.getInstance();
-        providerFactory.addClientErrorInterceptor(new CMSErrorInterceptor());
+        providerFactory.addClientErrorInterceptor(new PKIErrorInterceptor());
         errorHandler = new ClientErrorHandler(providerFactory.getClientErrorInterceptors());
     }
 
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CMSErrorInterceptor.java b/base/common/src/com/netscape/cms/client/PKIErrorInterceptor.java
index 870422391..445778db4 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CMSErrorInterceptor.java
+++ b/base/common/src/com/netscape/cms/client/PKIErrorInterceptor.java
@@ -15,7 +15,7 @@
 // (C) 2007 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
+package com.netscape.cms.client;
 
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
@@ -23,9 +23,9 @@ import javax.ws.rs.core.MultivaluedMap;
 import org.jboss.resteasy.client.ClientResponse;
 import org.jboss.resteasy.client.core.ClientErrorInterceptor;
 
-import com.netscape.cms.servlet.base.CMSException;
+import com.netscape.certsrv.base.PKIException;
 
-public class CMSErrorInterceptor implements ClientErrorInterceptor {
+public class PKIErrorInterceptor implements ClientErrorInterceptor {
 
     public void handle(ClientResponse<?> response) {
 
@@ -41,15 +41,15 @@ public class CMSErrorInterceptor implements ClientErrorInterceptor {
         if (contentType == null || !contentType.startsWith(MediaType.APPLICATION_XML))
             return;
 
-        CMSException exception;
+        PKIException exception;
 
         try {
             // Requires RESTEasy 2.3.2
             // https://issues.jboss.org/browse/RESTEASY-652
-            CMSException.Data data = response.getEntity(CMSException.Data.class);
+            PKIException.Data data = response.getEntity(PKIException.Data.class);
 
             Class<?> clazz = Class.forName(data.className);
-            exception = (CMSException) clazz.getConstructor(CMSException.Data.class).newInstance(data);
+            exception = (PKIException) clazz.getConstructor(PKIException.Data.class).newInstance(data);
 
         } catch (Exception e) {
             e.printStackTrace();
diff --git a/base/ca/functional/src/com/netscape/cms/servlet/test/CARestClient.java b/base/common/src/com/netscape/cms/client/ca/CAClient.java
index 24ce21277..a72f95962 100644
--- a/base/ca/functional/src/com/netscape/cms/servlet/test/CARestClient.java
+++ b/base/common/src/com/netscape/cms/client/ca/CAClient.java
@@ -15,35 +15,35 @@
 //(C) 2012 Red Hat, Inc.
 //All rights reserved.
 //--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.test;
+package com.netscape.cms.client.ca;
 
 import java.net.URISyntaxException;
 import java.util.Collection;
 
+import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.cert.CertDataInfos;
+import com.netscape.certsrv.cert.CertEnrollmentRequest;
+import com.netscape.certsrv.cert.CertRequestInfo;
+import com.netscape.certsrv.cert.CertRequestInfos;
+import com.netscape.certsrv.cert.CertRequestResource;
+import com.netscape.certsrv.cert.CertResource;
+import com.netscape.certsrv.cert.CertReviewResponse;
+import com.netscape.certsrv.cert.CertSearchRequest;
 import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.profile.ProfileData;
+import com.netscape.certsrv.profile.ProfileDataInfos;
+import com.netscape.certsrv.profile.ProfileResource;
 import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.cert.CertResource;
-import com.netscape.cms.servlet.cert.model.CertDataInfos;
-import com.netscape.cms.servlet.cert.model.CertSearchData;
-import com.netscape.cms.servlet.cert.model.CertificateData;
-import com.netscape.cms.servlet.csadmin.CMSRestClient;
-import com.netscape.cms.servlet.profile.ProfileResource;
-import com.netscape.cms.servlet.profile.model.ProfileData;
-import com.netscape.cms.servlet.profile.model.ProfileDataInfos;
-import com.netscape.cms.servlet.request.CertRequestResource;
-import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData;
-import com.netscape.cms.servlet.request.model.CertRequestInfo;
-import com.netscape.cms.servlet.request.model.CertRequestInfos;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
-
-public class CARestClient extends CMSRestClient {
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.PKIClient;
+
+public class CAClient extends PKIClient {
 
     private CertResource certClient;
     private CertRequestResource certRequestClient;
     private ProfileResource profileClient;
 
-    public CARestClient(ClientConfig config) throws URISyntaxException {
+    public CAClient(ClientConfig config) throws URISyntaxException {
         super(config);
 
         certRequestClient = createProxy(CertRequestResource.class);
@@ -65,7 +65,7 @@ public class CARestClient extends CMSRestClient {
         return certClient.listCerts(status, 100, 10);
     }
 
-    public CertDataInfos searchCerts(CertSearchData data) {
+    public CertDataInfos searchCerts(CertSearchRequest data) {
         return certClient.searchCerts(data, 100, 10);
     }
 
@@ -82,7 +82,7 @@ public class CARestClient extends CMSRestClient {
         return profileClient.retrieveProfile(id);
     }
 
-    public CertificateData getCertData(CertId id) {
+    public CertData getCertData(CertId id) {
 
         if (id == null) {
             return null;
@@ -92,7 +92,7 @@ public class CARestClient extends CMSRestClient {
 
     }
 
-    public CertRequestInfos enrollCertificate(EnrollmentRequestData data) {
+    public CertRequestInfos enrollCertificate(CertEnrollmentRequest data) {
         if (data == null) {
             return null;
         }
@@ -107,34 +107,34 @@ public class CARestClient extends CMSRestClient {
         return certRequestClient.getRequestInfo(id);
     }
 
-    public AgentEnrollmentRequestData reviewRequest(RequestId id) {
+    public CertReviewResponse reviewRequest(RequestId id) {
         if (id == null) {
             return null;
         }
         return certRequestClient.reviewRequest(id);
     }
 
-    public void approveRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void approveRequest(RequestId id, CertReviewResponse data) {
         certRequestClient.approveRequest(id, data);
     }
 
-    public void rejectRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void rejectRequest(RequestId id, CertReviewResponse data) {
         certRequestClient.rejectRequest(id, data);
     }
 
-    public void cancelRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void cancelRequest(RequestId id, CertReviewResponse data) {
         certRequestClient.cancelRequest(id, data);
     }
 
-    public void updateRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void updateRequest(RequestId id, CertReviewResponse data) {
         certRequestClient.updateRequest(id, data);
     }
 
-    public void validateRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void validateRequest(RequestId id, CertReviewResponse data) {
         certRequestClient.validateRequest(id, data);
     }
 
-    public void unassignRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void unassignRequest(RequestId id, CertReviewResponse data) {
         certRequestClient.unassignRequest(id, data);
     }
 
diff --git a/base/common/src/com/netscape/cms/client/cert/CertCLI.java b/base/common/src/com/netscape/cms/client/cert/CertCLI.java
index 70ad9021e..f7bb27597 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertCLI.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertCLI.java
@@ -23,11 +23,11 @@ import java.util.Arrays;
 import org.apache.commons.lang.StringUtils;
 import org.jboss.resteasy.plugins.providers.atom.Link;
 
+import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.cert.CertDataInfo;
+import com.netscape.certsrv.cert.CertRequestInfo;
 import com.netscape.cms.client.cli.CLI;
 import com.netscape.cms.client.cli.MainCLI;
-import com.netscape.cms.servlet.cert.model.CertDataInfo;
-import com.netscape.cms.servlet.cert.model.CertificateData;
-import com.netscape.cms.servlet.request.model.CertRequestInfo;
 
 /**
  * @author Endi S. Dewata
@@ -35,7 +35,7 @@ import com.netscape.cms.servlet.request.model.CertRequestInfo;
 public class CertCLI extends CLI {
 
     public MainCLI parent;
-    public CertRestClient client;
+    public CertClient client;
 
     public CertCLI(MainCLI parent) {
         super("cert", "Certificate management commands");
@@ -75,7 +75,7 @@ public class CertCLI extends CLI {
 
     public void execute(String[] args) throws Exception {
 
-        client = new CertRestClient(parent.config);
+        client = new CertClient(parent.config);
         client.setVerbose(verbose);
 
         if (args.length == 0) {
@@ -114,7 +114,7 @@ public class CertCLI extends CLI {
     }
 
     public static void printCertData(
-            CertificateData certData,
+            CertData certData,
             boolean showPrettyPrint,
             boolean showEncoded) {
 
diff --git a/base/common/src/com/netscape/cms/client/cert/CertRestClient.java b/base/common/src/com/netscape/cms/client/cert/CertClient.java
index 7c8b9f3e4..1fcb9e40d 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertRestClient.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertClient.java
@@ -19,42 +19,42 @@ package com.netscape.cms.client.cert;
 
 import java.net.URISyntaxException;
 
+import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.cert.CertDataInfos;
+import com.netscape.certsrv.cert.CertEnrollmentRequest;
+import com.netscape.certsrv.cert.CertRequestInfo;
+import com.netscape.certsrv.cert.CertRequestInfos;
+import com.netscape.certsrv.cert.CertRequestResource;
+import com.netscape.certsrv.cert.CertResource;
+import com.netscape.certsrv.cert.CertReviewResponse;
+import com.netscape.certsrv.cert.CertRevokeRequest;
+import com.netscape.certsrv.cert.CertSearchRequest;
+import com.netscape.certsrv.cert.CertUnrevokeRequest;
 import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.cert.CertResource;
-import com.netscape.cms.servlet.cert.model.CertDataInfos;
-import com.netscape.cms.servlet.cert.model.CertRevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertSearchData;
-import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertificateData;
-import com.netscape.cms.servlet.csadmin.CMSRestClient;
-import com.netscape.cms.servlet.request.CertRequestResource;
-import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData;
-import com.netscape.cms.servlet.request.model.CertRequestInfo;
-import com.netscape.cms.servlet.request.model.CertRequestInfos;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.PKIClient;
 
 /**
  * @author Endi S. Dewata
  */
-public class CertRestClient extends CMSRestClient {
+public class CertClient extends PKIClient {
 
     public CertResource certClient;
     public CertRequestResource certRequestResource;
 
-    public CertRestClient(ClientConfig config) throws URISyntaxException {
+    public CertClient(ClientConfig config) throws URISyntaxException {
         super(config);
 
         certClient = createProxy(CertResource.class);
         certRequestResource = createProxy(CertRequestResource.class);
     }
 
-    public CertificateData getCert(CertId id) {
+    public CertData getCert(CertId id) {
         return certClient.getCert(id);
     }
 
-    public CertDataInfos findCerts(CertSearchData data, Integer start, Integer size) {
+    public CertDataInfos findCerts(CertSearchRequest data, Integer start, Integer size) {
         return certClient.searchCerts(data, start, size);
     }
 
@@ -70,15 +70,15 @@ public class CertRestClient extends CMSRestClient {
         return certClient.unrevokeCert(id, request);
     }
 
-    public CertRequestInfos enrollRequest(EnrollmentRequestData data){
+    public CertRequestInfos enrollRequest(CertEnrollmentRequest data) {
         return certRequestResource.enrollCert(data);
     }
 
-    public AgentEnrollmentRequestData reviewRequest(RequestId id){
+    public CertReviewResponse reviewRequest(RequestId id) {
         return certRequestResource.reviewRequest(id);
     }
 
-    public void approveRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void approveRequest(RequestId id, CertReviewResponse data) {
         certRequestResource.approveRequest(id, data);
     }
 }
diff --git a/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java b/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java
index ea88c46cd..f69506224 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java
@@ -28,12 +28,12 @@ import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 import org.apache.commons.cli.ParseException;
 
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.cert.CertDataInfo;
+import com.netscape.certsrv.cert.CertDataInfos;
+import com.netscape.certsrv.cert.CertSearchRequest;
 import com.netscape.cms.client.cli.CLI;
 import com.netscape.cms.client.cli.MainCLI;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.cert.model.CertDataInfo;
-import com.netscape.cms.servlet.cert.model.CertDataInfos;
-import com.netscape.cms.servlet.cert.model.CertSearchData;
 
 /**
  * @author Endi S. Dewata
@@ -56,7 +56,7 @@ public class CertFindCLI extends CLI {
         addOptions();
 
         CommandLine cmd = null;
-        CertSearchData searchData = null;
+        CertSearchRequest searchData = null;
         try {
             cmd = parser.parse(options, args);
         } catch (ParseException e) {
@@ -84,7 +84,7 @@ public class CertFindCLI extends CLI {
             FileReader reader = null;
             try {
                 reader = new FileReader(fileName);
-                searchData = CertSearchData.valueOf(reader);
+                searchData = CertSearchRequest.valueOf(reader);
             } catch (FileNotFoundException e) {
                 System.err.println("Error: " + e.getMessage());
                 System.exit(-1);
@@ -100,7 +100,7 @@ public class CertFindCLI extends CLI {
                     }
             }
         } else {
-            searchData = new CertSearchData();
+            searchData = new CertSearchRequest();
             searchData.setSerialNumberRangeInUse(true);
         }
         String s = cmd.getOptionValue("start");
@@ -113,7 +113,7 @@ public class CertFindCLI extends CLI {
         CertDataInfos certs = null;
         try {
             certs = parent.client.findCerts(searchData, start, size);
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             System.err.println("Error: Cannot list certificates. " + e.getMessage());
             System.exit(-1);
         }
@@ -267,7 +267,7 @@ public class CertFindCLI extends CLI {
         options.addOption(option);
     }
 
-    public void addSearchAttribute(CommandLine cmd, CertSearchData csd) {
+    public void addSearchAttribute(CommandLine cmd, CertSearchRequest csd) {
         if (cmd.hasOption("minSerialNumber")) {
             csd.setSerialNumberRangeInUse(true);
             csd.setSerialFrom(cmd.getOptionValue("minSerialNumber"));
diff --git a/base/common/src/com/netscape/cms/client/cert/CertHoldCLI.java b/base/common/src/com/netscape/cms/client/cert/CertHoldCLI.java
index 598c1e664..33667f3f0 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertHoldCLI.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertHoldCLI.java
@@ -26,13 +26,13 @@ import netscape.security.x509.RevocationReason;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 
+import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.cert.CertRequestInfo;
+import com.netscape.certsrv.cert.CertRevokeRequest;
 import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.client.cli.CLI;
 import com.netscape.cms.client.cli.MainCLI;
-import com.netscape.cms.servlet.cert.model.CertRevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertificateData;
-import com.netscape.cms.servlet.request.model.CertRequestInfo;
 
 /**
  * @author Endi S. Dewata
@@ -80,7 +80,7 @@ public class CertHoldCLI extends CLI {
 
         if (!cmd.hasOption("force")) {
 
-            CertificateData certData = parent.client.getCert(certID);
+            CertData certData = parent.client.getCert(certID);
 
             System.out.println("Placing certificate on-hold:");
 
@@ -108,7 +108,7 @@ public class CertHoldCLI extends CLI {
 
         if (certRequestInfo.getRequestStatus() == RequestStatus.COMPLETE) {
             MainCLI.printMessage("Placed certificate \"" + certID.toHexString() + "\" on-hold");
-            CertificateData certData = parent.client.getCert(certID);
+            CertData certData = parent.client.getCert(certID);
             CertCLI.printCertData(certData, false, false);
 
         } else {
diff --git a/base/common/src/com/netscape/cms/client/cert/CertReleaseHoldCLI.java b/base/common/src/com/netscape/cms/client/cert/CertReleaseHoldCLI.java
index 0d39aff88..10408273f 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertReleaseHoldCLI.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertReleaseHoldCLI.java
@@ -23,13 +23,13 @@ import java.io.InputStreamReader;
 
 import org.apache.commons.cli.CommandLine;
 
+import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.cert.CertRequestInfo;
+import com.netscape.certsrv.cert.CertUnrevokeRequest;
 import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.client.cli.CLI;
 import com.netscape.cms.client.cli.MainCLI;
-import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertificateData;
-import com.netscape.cms.servlet.request.model.CertRequestInfo;
 
 /**
  * @author Endi S. Dewata
@@ -73,7 +73,7 @@ public class CertReleaseHoldCLI extends CLI {
 
         if (!cmd.hasOption("force")) {
 
-            CertificateData certData = parent.client.getCert(certID);
+            CertData certData = parent.client.getCert(certID);
 
             System.out.println("Placing certificate off-hold:");
 
@@ -99,7 +99,7 @@ public class CertReleaseHoldCLI extends CLI {
 
         if (certRequestInfo.getRequestStatus() == RequestStatus.COMPLETE) {
             MainCLI.printMessage("Placed certificate \"" + certID.toHexString() + "\" off-hold");
-            CertificateData certData = parent.client.getCert(certID);
+            CertData certData = parent.client.getCert(certID);
             CertCLI.printCertData(certData, false, false);
 
         } else {
diff --git a/base/common/src/com/netscape/cms/client/cert/CertRequestApproveCLI.java b/base/common/src/com/netscape/cms/client/cert/CertRequestApproveCLI.java
index 3d729424f..c96f482c8 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertRequestApproveCLI.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertRequestApproveCLI.java
@@ -10,10 +10,10 @@ import javax.xml.bind.Unmarshaller;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.ParseException;
 
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.cert.CertReviewResponse;
 import com.netscape.cms.client.cli.CLI;
 import com.netscape.cms.client.cli.MainCLI;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData;
 
 public class CertRequestApproveCLI extends CLI {
     CertCLI parent;
@@ -42,14 +42,14 @@ public class CertRequestApproveCLI extends CLI {
             printHelp();
             System.exit(-1);
         }
-        AgentEnrollmentRequestData reviewInfo = null;
+        CertReviewResponse reviewInfo = null;
         try {
-            JAXBContext context = JAXBContext.newInstance(AgentEnrollmentRequestData.class);
+            JAXBContext context = JAXBContext.newInstance(CertReviewResponse.class);
             Unmarshaller unmarshaller = context.createUnmarshaller();
             FileInputStream fis = new FileInputStream(cLineArgs[0].trim());
-            reviewInfo = (AgentEnrollmentRequestData) unmarshaller.unmarshal(fis);
+            reviewInfo = (CertReviewResponse) unmarshaller.unmarshal(fis);
             parent.client.approveRequest(reviewInfo.getRequestId(), reviewInfo);
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             System.err.println(e.getMessage());
             System.exit(-1);
         } catch (JAXBException e) {
diff --git a/base/common/src/com/netscape/cms/client/cert/CertRequestReviewCLI.java b/base/common/src/com/netscape/cms/client/cert/CertRequestReviewCLI.java
index 10c0e40fc..22b1faed3 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertRequestReviewCLI.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertRequestReviewCLI.java
@@ -11,11 +11,11 @@ import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 import org.apache.commons.cli.ParseException;
 
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.cert.CertReviewResponse;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.cms.client.cli.CLI;
 import com.netscape.cms.client.cli.MainCLI;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData;
 
 public class CertRequestReviewCLI extends CLI {
 
@@ -71,16 +71,16 @@ public class CertRequestReviewCLI extends CLI {
             System.exit(-1);
         }
 
-        AgentEnrollmentRequestData reviewInfo = null;
+        CertReviewResponse reviewInfo = null;
         try {
             reviewInfo = parent.client.reviewRequest(reqId);
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             System.err.println(e.getMessage());
             System.exit(-1);
         }
 
         try {
-            JAXBContext context = JAXBContext.newInstance(AgentEnrollmentRequestData.class);
+            JAXBContext context = JAXBContext.newInstance(CertReviewResponse.class);
             Marshaller marshaller = context.createMarshaller();
             marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
 
diff --git a/base/common/src/com/netscape/cms/client/cert/CertRequestSubmitCLI.java b/base/common/src/com/netscape/cms/client/cert/CertRequestSubmitCLI.java
index e09f8be5b..cd974b031 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertRequestSubmitCLI.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertRequestSubmitCLI.java
@@ -11,11 +11,11 @@ import javax.xml.bind.Unmarshaller;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.ParseException;
 
+import com.netscape.certsrv.cert.CertEnrollmentRequest;
+import com.netscape.certsrv.cert.CertRequestInfo;
+import com.netscape.certsrv.cert.CertRequestInfos;
 import com.netscape.cms.client.cli.CLI;
 import com.netscape.cms.client.cli.MainCLI;
-import com.netscape.cms.servlet.request.model.CertRequestInfo;
-import com.netscape.cms.servlet.request.model.CertRequestInfos;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
 
 public class CertRequestSubmitCLI extends CLI {
 
@@ -46,7 +46,7 @@ public class CertRequestSubmitCLI extends CLI {
             System.exit(-1);
         }
 
-        EnrollmentRequestData erd = null;
+        CertEnrollmentRequest erd = null;
 
         try {
             erd = getEnrollmentRequest(cLineArgs[0]);
@@ -62,12 +62,12 @@ public class CertRequestSubmitCLI extends CLI {
         }
     }
 
-    private EnrollmentRequestData getEnrollmentRequest(String fileName) throws JAXBException, FileNotFoundException {
-        EnrollmentRequestData erd = null;
-        JAXBContext context = JAXBContext.newInstance(EnrollmentRequestData.class);
+    private CertEnrollmentRequest getEnrollmentRequest(String fileName) throws JAXBException, FileNotFoundException {
+        CertEnrollmentRequest erd = null;
+        JAXBContext context = JAXBContext.newInstance(CertEnrollmentRequest.class);
         Unmarshaller unmarshaller = context.createUnmarshaller();
         FileInputStream fis = new FileInputStream(fileName);
-        erd = (EnrollmentRequestData) unmarshaller.unmarshal(fis);
+        erd = (CertEnrollmentRequest) unmarshaller.unmarshal(fis);
         return erd;
     }
 
diff --git a/base/common/src/com/netscape/cms/client/cert/CertRevokeCLI.java b/base/common/src/com/netscape/cms/client/cert/CertRevokeCLI.java
index ad3276c52..de5dddc09 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertRevokeCLI.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertRevokeCLI.java
@@ -26,13 +26,13 @@ import netscape.security.x509.RevocationReason;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 
+import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.cert.CertRequestInfo;
+import com.netscape.certsrv.cert.CertRevokeRequest;
 import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.client.cli.CLI;
 import com.netscape.cms.client.cli.MainCLI;
-import com.netscape.cms.servlet.cert.model.CertRevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertificateData;
-import com.netscape.cms.servlet.request.model.CertRequestInfo;
 
 /**
  * @author Endi S. Dewata
@@ -107,7 +107,7 @@ public class CertRevokeCLI extends CLI {
 
         if (!cmd.hasOption("force")) {
 
-            CertificateData certData = parent.client.getCert(certID);
+            CertData certData = parent.client.getCert(certID);
 
             if (reason == RevocationReason.CERTIFICATE_HOLD) {
                 System.out.println("Placing certificate on-hold:");
@@ -154,7 +154,7 @@ public class CertRevokeCLI extends CLI {
                 MainCLI.printMessage("Revoked certificate \"" + certID.toHexString() + "\"");
             }
 
-            CertificateData certData = parent.client.getCert(certID);
+            CertData certData = parent.client.getCert(certID);
             CertCLI.printCertData(certData, false, false);
 
         } else {
diff --git a/base/common/src/com/netscape/cms/client/cert/CertShowCLI.java b/base/common/src/com/netscape/cms/client/cert/CertShowCLI.java
index 1389a0a42..4fcfc8c3d 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertShowCLI.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertShowCLI.java
@@ -24,10 +24,10 @@ import java.io.PrintWriter;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 
+import com.netscape.certsrv.cert.CertData;
 import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.cms.client.cli.CLI;
 import com.netscape.cms.client.cli.MainCLI;
-import com.netscape.cms.servlet.cert.model.CertificateData;
 
 /**
  * @author Endi S. Dewata
@@ -78,7 +78,7 @@ public class CertShowCLI extends CLI {
         CertId certID = new CertId(cmdArgs[0]);
         String file = cmd.getOptionValue("output");
 
-        CertificateData certData = parent.client.getCert(certID);
+        CertData certData = parent.client.getCert(certID);
 
         String encoded = certData.getEncoded();
         if (encoded != null && file != null) {
diff --git a/base/common/src/com/netscape/cms/client/cli/MainCLI.java b/base/common/src/com/netscape/cms/client/cli/MainCLI.java
index 50c90d892..2398a3837 100644
--- a/base/common/src/com/netscape/cms/client/cli/MainCLI.java
+++ b/base/common/src/com/netscape/cms/client/cli/MainCLI.java
@@ -30,6 +30,7 @@ import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.util.IncorrectPasswordException;
 import org.mozilla.jss.util.Password;
 
+import com.netscape.cms.client.ClientConfig;
 import com.netscape.cms.client.cert.CertCLI;
 import com.netscape.cms.client.group.GroupCLI;
 import com.netscape.cms.client.user.UserCLI;
diff --git a/base/common/src/com/netscape/cms/client/group/GroupCLI.java b/base/common/src/com/netscape/cms/client/group/GroupCLI.java
index fefc1b0c9..b106c6fc1 100644
--- a/base/common/src/com/netscape/cms/client/group/GroupCLI.java
+++ b/base/common/src/com/netscape/cms/client/group/GroupCLI.java
@@ -34,7 +34,7 @@ import com.netscape.cms.client.cli.MainCLI;
 public class GroupCLI extends CLI {
 
     public MainCLI parent;
-    public GroupRestClient client;
+    public GroupClient client;
 
     public GroupCLI(MainCLI parent) {
         super("group", "Group management commands");
@@ -74,7 +74,7 @@ public class GroupCLI extends CLI {
 
     public void execute(String[] args) throws Exception {
 
-        client = new GroupRestClient(parent.config);
+        client = new GroupClient(parent.config);
         client.setVerbose(verbose);
 
         if (args.length == 0) {
diff --git a/base/common/src/com/netscape/cms/client/group/GroupRestClient.java b/base/common/src/com/netscape/cms/client/group/GroupClient.java
index 1b98035ea..b3784ef46 100644
--- a/base/common/src/com/netscape/cms/client/group/GroupRestClient.java
+++ b/base/common/src/com/netscape/cms/client/group/GroupClient.java
@@ -27,18 +27,18 @@ import com.netscape.certsrv.group.GroupMemberCollection;
 import com.netscape.certsrv.group.GroupMemberData;
 import com.netscape.certsrv.group.GroupMemberResource;
 import com.netscape.certsrv.group.GroupResource;
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.csadmin.CMSRestClient;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.PKIClient;
 
 /**
  * @author Endi S. Dewata
  */
-public class GroupRestClient extends CMSRestClient {
+public class GroupClient extends PKIClient {
 
     public GroupResource groupClient;
     public GroupMemberResource groupMemberClient;
 
-    public GroupRestClient(ClientConfig config) throws URISyntaxException {
+    public GroupClient(ClientConfig config) throws URISyntaxException {
         super(config);
 
         groupClient = createProxy(GroupResource.class);
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java b/base/common/src/com/netscape/cms/client/kra/DRMClient.java
index 372b8aea6..4bcf52987 100644
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
+++ b/base/common/src/com/netscape/cms/client/kra/DRMClient.java
@@ -1,4 +1,4 @@
-package com.netscape.cms.servlet.test;
+package com.netscape.cms.client.kra;
 
 import java.net.URISyntaxException;
 import java.util.Collection;
@@ -6,30 +6,30 @@ import java.util.Iterator;
 
 import org.jboss.resteasy.client.ClientResponse;
 
+import com.netscape.certsrv.cert.CertData;
 import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.key.KeyArchivalRequest;
+import com.netscape.certsrv.key.KeyData;
+import com.netscape.certsrv.key.KeyDataInfo;
+import com.netscape.certsrv.key.KeyDataInfos;
+import com.netscape.certsrv.key.KeyRecoveryRequest;
+import com.netscape.certsrv.key.KeyRequestInfo;
+import com.netscape.certsrv.key.KeyRequestInfos;
+import com.netscape.certsrv.key.KeyRequestResource;
+import com.netscape.certsrv.key.KeyResource;
 import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.admin.SystemCertificateResource;
-import com.netscape.cms.servlet.cert.model.CertificateData;
-import com.netscape.cms.servlet.csadmin.CMSRestClient;
-import com.netscape.cms.servlet.key.KeyResource;
-import com.netscape.cms.servlet.key.model.KeyData;
-import com.netscape.cms.servlet.key.model.KeyDataInfo;
-import com.netscape.cms.servlet.key.model.KeyDataInfos;
-import com.netscape.cms.servlet.request.KeyRequestResource;
-import com.netscape.cms.servlet.request.model.ArchivalRequestData;
-import com.netscape.cms.servlet.request.model.KeyRequestInfo;
-import com.netscape.cms.servlet.request.model.KeyRequestInfos;
-import com.netscape.cms.servlet.request.model.RecoveryRequestData;
+import com.netscape.certsrv.system.SystemCertificateResource;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.PKIClient;
 import com.netscape.cmsutil.util.Utils;
 
-public class DRMRestClient  extends CMSRestClient {
+public class DRMClient  extends PKIClient {
 
     private KeyResource keyClient;
     private KeyRequestResource keyRequestClient;
     private SystemCertificateResource systemCertClient;
 
-    public DRMRestClient(ClientConfig config) throws URISyntaxException {
+    public DRMClient(ClientConfig config) throws URISyntaxException {
         super(config);
 
         systemCertClient = createProxy(SystemCertificateResource.class);
@@ -39,9 +39,9 @@ public class DRMRestClient  extends CMSRestClient {
 
     public String getTransportCert() {
         @SuppressWarnings("unchecked")
-        ClientResponse<CertificateData> response = (ClientResponse<CertificateData>) systemCertClient
+        ClientResponse<CertData> response = (ClientResponse<CertData>) systemCertClient
                 .getTransportCert();
-        CertificateData certData = getEntity(response);
+        CertData certData = getEntity(response);
         String transportCert = certData.getEncoded();
         return transportCert;
     }
@@ -56,7 +56,7 @@ public class DRMRestClient  extends CMSRestClient {
 
     public KeyRequestInfo archiveSecurityData(byte[] encoded, String clientId, String dataType) {
         // create archival request
-        ArchivalRequestData data = new ArchivalRequestData();
+        KeyArchivalRequest data = new KeyArchivalRequest();
         String req1 = Utils.base64encode(encoded);
         data.setWrappedPrivateData(req1);
         data.setClientId(clientId);
@@ -83,7 +83,7 @@ public class DRMRestClient  extends CMSRestClient {
 
     public KeyRequestInfo requestRecovery(KeyId keyId, byte[] rpwd, byte[] rkey, byte[] nonceData) {
         // create recovery request
-        RecoveryRequestData data = new RecoveryRequestData();
+        KeyRecoveryRequest data = new KeyRecoveryRequest();
         data.setKeyId(keyId);
         if (rpwd != null) {
             data.setSessionWrappedPassphrase(Utils.base64encode(rpwd));
@@ -106,7 +106,7 @@ public class DRMRestClient  extends CMSRestClient {
 
     public KeyData retrieveKey(KeyId keyId, RequestId requestId, byte[] rpwd, byte[] rkey, byte[] nonceData) {
         // create recovery request
-        RecoveryRequestData data = new RecoveryRequestData();
+        KeyRecoveryRequest data = new KeyRecoveryRequest();
         data.setKeyId(keyId);
         data.setRequestId(requestId);
         if (rkey != null) {
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationRESTClient.java b/base/common/src/com/netscape/cms/client/system/SystemConfigClient.java
index 7fe8af2f3..c9ee28718 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationRESTClient.java
+++ b/base/common/src/com/netscape/cms/client/system/SystemConfigClient.java
@@ -15,32 +15,34 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
+package com.netscape.cms.client.system;
 
 import java.net.URISyntaxException;
 
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.csadmin.model.ConfigurationData;
-import com.netscape.cms.servlet.csadmin.model.ConfigurationResponseData;
-import com.netscape.cms.servlet.csadmin.model.InstallToken;
-import com.netscape.cms.servlet.csadmin.model.InstallTokenRequest;
+import com.netscape.certsrv.system.ConfigurationRequest;
+import com.netscape.certsrv.system.ConfigurationResponse;
+import com.netscape.certsrv.system.InstallToken;
+import com.netscape.certsrv.system.InstallTokenRequest;
+import com.netscape.certsrv.system.SystemConfigResource;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.PKIClient;
 
 
 /**
  * @author alee
  *
  */
-public class ConfigurationRESTClient extends CMSRestClient {
+public class SystemConfigClient extends PKIClient {
 
-    private SystemConfigurationResource configClient;
+    private SystemConfigResource configClient;
 
-    public ConfigurationRESTClient(ClientConfig config) throws URISyntaxException {
+    public SystemConfigClient(ClientConfig config) throws URISyntaxException {
         super(config);
 
-        configClient = createProxy(SystemConfigurationResource.class);
+        configClient = createProxy(SystemConfigResource.class);
     }
 
-    public ConfigurationResponseData configure(ConfigurationData data) {
+    public ConfigurationResponse configure(ConfigurationRequest data) {
         return configClient.configure(data);
     }
 
diff --git a/base/common/src/com/netscape/cms/client/user/UserCLI.java b/base/common/src/com/netscape/cms/client/user/UserCLI.java
index a5104135b..cc9bc8aa5 100644
--- a/base/common/src/com/netscape/cms/client/user/UserCLI.java
+++ b/base/common/src/com/netscape/cms/client/user/UserCLI.java
@@ -34,7 +34,7 @@ import com.netscape.cms.client.cli.MainCLI;
 public class UserCLI extends CLI {
 
     public MainCLI parent;
-    public UserRestClient client;
+    public UserClient client;
 
     public UserCLI(MainCLI parent) {
         super("user", "User management commands");
@@ -75,7 +75,7 @@ public class UserCLI extends CLI {
 
     public void execute(String[] args) throws Exception {
 
-        client = new UserRestClient(parent.config);
+        client = new UserClient(parent.config);
         client.setVerbose(verbose);
 
         if (args.length == 0) {
diff --git a/base/common/src/com/netscape/cms/client/user/UserRestClient.java b/base/common/src/com/netscape/cms/client/user/UserClient.java
index 54c1e3fa1..010468e8a 100644
--- a/base/common/src/com/netscape/cms/client/user/UserRestClient.java
+++ b/base/common/src/com/netscape/cms/client/user/UserClient.java
@@ -27,18 +27,18 @@ import com.netscape.certsrv.user.UserCertResource;
 import com.netscape.certsrv.user.UserCollection;
 import com.netscape.certsrv.user.UserData;
 import com.netscape.certsrv.user.UserResource;
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.csadmin.CMSRestClient;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.PKIClient;
 
 /**
  * @author Endi S. Dewata
  */
-public class UserRestClient extends CMSRestClient {
+public class UserClient extends PKIClient {
 
     public UserResource userClient;
     public UserCertResource userCertClient;
 
-    public UserRestClient(ClientConfig config) throws URISyntaxException {
+    public UserClient(ClientConfig config) throws URISyntaxException {
         super(config);
 
         userClient = createProxy(UserResource.class);
diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberResourceService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
index c192815aa..0854be3aa 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
@@ -31,6 +31,7 @@ import org.jboss.resteasy.plugins.providers.atom.Link;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.common.OpDef;
 import com.netscape.certsrv.common.ScopeDef;
@@ -43,13 +44,12 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.user.UserResource;
 import com.netscape.certsrv.usrgrp.IGroup;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.base.PKIService;
 
 /**
  * @author Endi S. Dewata
  */
-public class GroupMemberResourceService extends CMSResourceService implements GroupMemberResource {
+public class GroupMemberService extends PKIService implements GroupMemberResource {
 
     public final static int DEFAULT_SIZE = 20;
 
@@ -81,13 +81,13 @@ public class GroupMemberResourceService extends CMSResourceService implements Gr
 
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.getGroupFromName(groupID);
             if (group == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
             }
 
             GroupMemberCollection response = new GroupMemberCollection();
@@ -120,12 +120,12 @@ public class GroupMemberResourceService extends CMSResourceService implements Gr
 
             return response;
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             throw e;
 
         } catch (Exception e) {
             CMS.debug(e);
-            throw new CMSException(getUserMessage("CMS_INTERNAL_ERROR"));
+            throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR"));
         }
     }
 
@@ -141,13 +141,13 @@ public class GroupMemberResourceService extends CMSResourceService implements Gr
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.getGroupFromName(groupID);
             if (group == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
             }
 
             String memberID = groupMemberData.getID();
@@ -199,14 +199,14 @@ public class GroupMemberResourceService extends CMSResourceService implements Gr
                     .type(MediaType.APPLICATION_XML)
                     .build();
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             auditAddGroupMember(groupID, groupMemberData, ILogger.FAILURE);
             throw e;
 
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, e.toString());
             auditAddGroupMember(groupID, groupMemberData, ILogger.FAILURE);
-            throw new CMSException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
+            throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
         }
     }
 
@@ -289,13 +289,13 @@ public class GroupMemberResourceService extends CMSResourceService implements Gr
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.getGroupFromName(groupID);
             if (group == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
             }
 
             Enumeration<String> e = group.getMemberNames();
@@ -307,14 +307,14 @@ public class GroupMemberResourceService extends CMSResourceService implements Gr
                 return groupMemberData;
             }
 
-            throw new CMSException("Group member not found");
+            throw new PKIException("Group member not found");
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             throw e;
 
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, e.toString());
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
@@ -329,13 +329,13 @@ public class GroupMemberResourceService extends CMSResourceService implements Gr
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.getGroupFromName(groupID);
             if (group == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
             }
 
             String member = groupMemberData.getID();
@@ -351,14 +351,14 @@ public class GroupMemberResourceService extends CMSResourceService implements Gr
 
             auditDeleteGroupMember(groupID, groupMemberData, ILogger.SUCCESS);
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             auditDeleteGroupMember(groupID, groupMemberData, ILogger.FAILURE);
             throw e;
 
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, e.toString());
             auditDeleteGroupMember(groupID, groupMemberData, ILogger.FAILURE);
-            throw new CMSException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
+            throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
         }
     }
 
diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupResourceService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupService.java
index ce665ae3e..b82df9a2f 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/GroupResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/GroupService.java
@@ -31,6 +31,7 @@ import org.jboss.resteasy.plugins.providers.atom.Link;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.common.OpDef;
 import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.group.GroupCollection;
@@ -40,14 +41,13 @@ import com.netscape.certsrv.logging.IAuditor;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.usrgrp.IGroup;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cmsutil.ldap.LDAPUtil;
 
 /**
  * @author Endi S. Dewata
  */
-public class GroupResourceService extends CMSResourceService implements GroupResource {
+public class GroupService extends PKIService implements GroupResource {
 
     public final static int DEFAULT_SIZE = 20;
 
@@ -115,7 +115,7 @@ public class GroupResourceService extends CMSResourceService implements GroupRes
             return response;
 
         } catch (Exception e) {
-            throw new CMSException(getUserMessage("CMS_INTERNAL_ERROR"));
+            throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR"));
         }
     }
 
@@ -131,22 +131,22 @@ public class GroupResourceService extends CMSResourceService implements GroupRes
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.getGroupFromName(groupID);
             if (group == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
             }
 
             return createGroupData(group);
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             throw e;
 
         } catch (Exception e) {
-            throw new CMSException(getUserMessage("CMS_INTERNAL_ERROR"));
+            throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR"));
         }
     }
 
@@ -173,7 +173,7 @@ public class GroupResourceService extends CMSResourceService implements GroupRes
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.createGroup(groupID);
@@ -201,16 +201,16 @@ public class GroupResourceService extends CMSResourceService implements GroupRes
                         .build();
 
             } catch (Exception e) {
-                throw new CMSException(getUserMessage("CMS_USRGRP_GROUP_ADD_FAILED"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_GROUP_ADD_FAILED"));
             }
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             auditAddGroup(groupID, groupData, ILogger.FAILURE);
             throw e;
 
         } catch (EBaseException e) {
             auditAddGroup(groupID, groupData, ILogger.FAILURE);
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
@@ -237,7 +237,7 @@ public class GroupResourceService extends CMSResourceService implements GroupRes
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.getGroupFromName(groupID);
@@ -261,16 +261,16 @@ public class GroupResourceService extends CMSResourceService implements GroupRes
 
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE, e.toString());
-                throw new CMSException(getUserMessage("CMS_USRGRP_GROUP_MODIFY_FAILED"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_GROUP_MODIFY_FAILED"));
             }
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             auditModifyGroup(groupID, groupData, ILogger.FAILURE);
             throw e;
 
         } catch (EBaseException e) {
             auditModifyGroup(groupID, groupData, ILogger.FAILURE);
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
@@ -295,7 +295,7 @@ public class GroupResourceService extends CMSResourceService implements GroupRes
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             // if fails, let the exception fall through
@@ -303,13 +303,13 @@ public class GroupResourceService extends CMSResourceService implements GroupRes
 
             auditDeleteGroup(groupID, ILogger.SUCCESS);
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             auditDeleteGroup(groupID, ILogger.FAILURE);
             throw e;
 
         } catch (EBaseException e) {
             auditDeleteGroup(groupID, ILogger.FAILURE);
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
diff --git a/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResourceService.java b/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java
index 72106a903..bd84f1141 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java
@@ -24,10 +24,11 @@ import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response;
 
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.cert.CertData;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.security.ITransportKeyUnit;
-import com.netscape.cms.servlet.base.CMSResourceService;
-import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.certsrv.system.SystemCertificateResource;
+import com.netscape.cms.servlet.base.PKIService;
 
 /**
  * This is the class used to list, retrieve and modify system certificates for all Java subsystems.
@@ -35,13 +36,13 @@ import com.netscape.cms.servlet.cert.model.CertificateData;
  * @author alee
  *
  */
-public class SystemCertificateResourceService extends CMSResourceService implements SystemCertificateResource {
+public class SystemCertService extends PKIService implements SystemCertificateResource {
 
     /**
      * Used to retrieve the transport certificate
      */
     public Response getTransportCert() {
-        CertificateData cert = null;
+        CertData cert = null;
         IKeyRecoveryAuthority kra = null;
 
         // auth and authz
diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserCertResourceService.java b/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java
index e0e2ddfde..16a584ff8 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/UserCertResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java
@@ -40,6 +40,7 @@ import org.mozilla.jss.crypto.InternalCertificate;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.ICertPrettyPrint;
+import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.common.OpDef;
 import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.dbs.certdb.CertId;
@@ -50,15 +51,14 @@ import com.netscape.certsrv.user.UserCertData;
 import com.netscape.certsrv.user.UserCertResource;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cmsutil.util.Cert;
 import com.netscape.cmsutil.util.Utils;
 
 /**
  * @author Endi S. Dewata
  */
-public class UserCertResourceService extends CMSResourceService implements UserCertResource {
+public class UserCertService extends PKIService implements UserCertResource {
 
     public final static int DEFAULT_SIZE = 20;
 
@@ -96,7 +96,7 @@ public class UserCertResourceService extends CMSResourceService implements UserC
 
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IUser user = null;
@@ -104,12 +104,12 @@ public class UserCertResourceService extends CMSResourceService implements UserC
             try {
                 user = userGroupManager.getUser(userID);
             } catch (Exception e) {
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
             }
 
             if (user == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
             }
 
             UserCertCollection response = new UserCertCollection();
@@ -134,11 +134,11 @@ public class UserCertResourceService extends CMSResourceService implements UserC
 
             return response;
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             throw e;
 
         } catch (Exception e) {
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
@@ -148,7 +148,7 @@ public class UserCertResourceService extends CMSResourceService implements UserC
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
 
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IUser user = null;
@@ -156,24 +156,24 @@ public class UserCertResourceService extends CMSResourceService implements UserC
             try {
                 user = userGroupManager.getUser(userID);
             } catch (Exception e) {
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
             }
 
             if (user == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
             }
 
             X509Certificate[] certs = user.getX509Certificates();
 
             if (certs == null) {
-                throw new CMSException("Certificate not found");
+                throw new PKIException("Certificate not found");
             }
 
             try {
                 certID = URLDecoder.decode(certID, "UTF-8");
             } catch (Exception e) {
-                throw new CMSException(e.getMessage());
+                throw new PKIException(e.getMessage());
             }
 
             for (X509Certificate cert : certs) {
@@ -192,13 +192,13 @@ public class UserCertResourceService extends CMSResourceService implements UserC
                 return userCertData;
             }
 
-            throw new CMSException("Certificate not found");
+            throw new PKIException("Certificate not found");
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             throw e;
 
         } catch (Exception e) {
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
@@ -223,7 +223,7 @@ public class UserCertResourceService extends CMSResourceService implements UserC
         try {
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IUser user = userGroupManager.createUser(userID);
@@ -266,7 +266,7 @@ public class UserCertResourceService extends CMSResourceService implements UserC
                     X509Certificate p7certs[] = pkcs7.getCertificates();
 
                     if (p7certs.length == 0) {
-                        throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
+                        throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
                     }
 
                     // fix for 370099 - cert ordering can not be assumed
@@ -292,7 +292,7 @@ public class UserCertResourceService extends CMSResourceService implements UserC
                     } else {
                         // not a chain, or in random order
                         CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN"));
-                        throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
+                        throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
                     }
 
                     CMS.debug("UserCertResourceService: "
@@ -343,7 +343,7 @@ public class UserCertResourceService extends CMSResourceService implements UserC
                 */
                 } catch (Exception e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", e.toString()));
-                    throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
+                    throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
                 }
             }
 
@@ -375,29 +375,29 @@ public class UserCertResourceService extends CMSResourceService implements UserC
             } catch (CertificateExpiredException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_CERT_EXPIRED",
                         String.valueOf(cert.getSubjectDN())));
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_CERT_EXPIRED"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_EXPIRED"));
 
             } catch (CertificateNotYetValidException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
                         String.valueOf(cert.getSubjectDN())));
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"));
 
             } catch (LDAPException e) {
                 if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
-                    throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_USER_CERT_EXISTS"));
+                    throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_CERT_EXISTS"));
                 } else {
-                    throw new CMSException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED"));
+                    throw new PKIException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED"));
                 }
             }
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             auditAddUserCert(userID, userCertData, ILogger.FAILURE);
             throw e;
 
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, e.toString());
             auditAddUserCert(userID, userCertData, ILogger.FAILURE);
-            throw new CMSException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED"));
+            throw new PKIException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED"));
         }
     }
 
@@ -423,7 +423,7 @@ public class UserCertResourceService extends CMSResourceService implements UserC
         try {
             certID = URLDecoder.decode(certID, "UTF-8");
         } catch (Exception e) {
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         UserCertData userCertData = new UserCertData();
@@ -438,7 +438,7 @@ public class UserCertResourceService extends CMSResourceService implements UserC
         try {
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IUser user = userGroupManager.createUser(userID);
@@ -456,14 +456,14 @@ public class UserCertResourceService extends CMSResourceService implements UserC
 
             auditDeleteUserCert(userID, userCertData, ILogger.SUCCESS);
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             auditDeleteUserCert(userID, userCertData, ILogger.FAILURE);
             throw e;
 
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, e.toString());
             auditDeleteUserCert(userID, userCertData, ILogger.FAILURE);
-            throw new CMSException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED"));
+            throw new PKIException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED"));
         }
     }
 
diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserResourceService.java b/base/common/src/com/netscape/cms/servlet/admin/UserService.java
index 1639c5912..f28a8151f 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/UserResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/UserService.java
@@ -33,6 +33,7 @@ import org.jboss.resteasy.plugins.providers.atom.Link;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.common.OpDef;
 import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.logging.IAuditor;
@@ -45,14 +46,13 @@ import com.netscape.certsrv.usrgrp.EUsrGrpException;
 import com.netscape.certsrv.usrgrp.IGroup;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cmsutil.ldap.LDAPUtil;
 
 /**
  * @author Endi S. Dewata
  */
-public class UserResourceService extends CMSResourceService implements UserResource {
+public class UserService extends PKIService implements UserResource {
 
     public final static int DEFAULT_SIZE = 20;
 
@@ -123,7 +123,7 @@ public class UserResourceService extends CMSResourceService implements UserResou
             return response;
 
         } catch (Exception e) {
-            throw new CMSException(getUserMessage("CMS_INTERNAL_ERROR"));
+            throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR"));
         }
     }
 
@@ -142,7 +142,7 @@ public class UserResourceService extends CMSResourceService implements UserResou
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
 
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IUser user;
@@ -150,13 +150,13 @@ public class UserResourceService extends CMSResourceService implements UserResou
             try {
                 user = userGroupManager.getUser(userID);
             } catch (Exception e) {
-                throw new CMSException(getUserMessage("CMS_INTERNAL_ERROR"));
+                throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR"));
             }
 
             if (user == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
 
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
             }
 
             UserData userData = createUserData(user);
@@ -175,11 +175,11 @@ public class UserResourceService extends CMSResourceService implements UserResou
 
             return userData;
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             throw e;
 
         } catch (Exception e) {
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
@@ -207,19 +207,19 @@ public class UserResourceService extends CMSResourceService implements UserResou
         try {
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             if (userID.indexOf(BACK_SLASH) != -1) {
                 // backslashes (BS) are not allowed
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS"));
             }
 
             if (userID.equals(SYSTEM_USER)) {
                 // backslashes (BS) are not allowed
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", userID));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_SPECIAL_ID", userID));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_SPECIAL_ID", userID));
             }
 
             IUser user = userGroupManager.createUser(userID);
@@ -229,7 +229,7 @@ public class UserResourceService extends CMSResourceService implements UserResou
                 String msg = getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "full name");
 
                 log(ILogger.LL_FAILURE, msg);
-                throw new CMSException(msg);
+                throw new PKIException(msg);
 
             } else {
                 user.setFullName(fname);
@@ -292,27 +292,27 @@ public class UserResourceService extends CMSResourceService implements UserResou
                 log(ILogger.LL_FAILURE, e.toString());
 
                 if (user.getUserID() == null) {
-                    throw new CMSException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "uid"));
+                    throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "uid"));
                 } else {
-                    throw new CMSException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
+                    throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
                 }
 
             } catch (LDAPException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_USER_FAIL", e.toString()));
-                throw new CMSException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
 
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE, e.toString());
-                throw new CMSException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
             }
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             auditAddUser(userID, userData, ILogger.FAILURE);
             throw e;
 
         } catch (EBaseException e) {
             auditAddUser(userID, userData, ILogger.FAILURE);
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
@@ -337,7 +337,7 @@ public class UserResourceService extends CMSResourceService implements UserResou
         try {
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IUser user = userGroupManager.createUser(userID);
@@ -388,16 +388,16 @@ public class UserResourceService extends CMSResourceService implements UserResou
 
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE, e.toString());
-                throw new CMSException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED"));
             }
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             auditModifyUser(userID, userData, ILogger.FAILURE);
             throw e;
 
         } catch (EBaseException e) {
             auditModifyUser(userID, userData, ILogger.FAILURE);
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
@@ -425,7 +425,7 @@ public class UserResourceService extends CMSResourceService implements UserResou
         try {
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             // get list of groups, and see if uid belongs to any
@@ -435,7 +435,7 @@ public class UserResourceService extends CMSResourceService implements UserResou
                 groups = userGroupManager.findGroups("*");
 
             } catch (Exception e) {
-                throw new CMSException(getUserMessage("CMS_INTERNAL_ERROR"));
+                throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR"));
             }
 
             try {
@@ -452,10 +452,10 @@ public class UserResourceService extends CMSResourceService implements UserResou
                 auditDeleteUser(userID, ILogger.SUCCESS);
 
             } catch (Exception e) {
-                throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_FAIL_USER_RMV"));
+                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_FAIL_USER_RMV"));
             }
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             auditDeleteUser(userID, ILogger.FAILURE);
             throw e;
         }
diff --git a/base/common/src/com/netscape/cms/servlet/base/CMSResourceService.java b/base/common/src/com/netscape/cms/servlet/base/PKIService.java
index 48daeca6e..4034a75a3 100644
--- a/base/common/src/com/netscape/cms/servlet/base/CMSResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/base/PKIService.java
@@ -36,9 +36,9 @@ import javax.ws.rs.core.Response.ResponseBuilder;
 import javax.ws.rs.core.UriInfo;
 
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.cert.CertData;
 import com.netscape.certsrv.logging.IAuditor;
 import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.cert.model.CertificateData;
 
 /**
  * Base class for CMS RESTful resources
@@ -46,7 +46,7 @@ import com.netscape.cms.servlet.cert.model.CertificateData;
  * @author alee
  *
  */
-public class CMSResourceService {
+public class PKIService {
 
     public static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
     public static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
@@ -90,9 +90,9 @@ public class CMSResourceService {
         return builder.build();
     }
 
-    public CertificateData createCertificateData(org.mozilla.jss.crypto.X509Certificate cert)
+    public CertData createCertificateData(org.mozilla.jss.crypto.X509Certificate cert)
             throws CertificateEncodingException {
-        CertificateData data = new CertificateData();
+        CertData data = new CertData();
         String b64 = HEADER + CMS.BtoA(cert.getEncoded()) + TRAILER;
         data.setEncoded(b64);
         return data;
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/EnrollmentRequestDataFactory.java b/base/common/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java
index 3a09b7608..7a26e8e21 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/EnrollmentRequestDataFactory.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java
@@ -15,26 +15,27 @@
 //(C) 2012 Red Hat, Inc.
 //All rights reserved.
 //--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request.model;
+package com.netscape.cms.servlet.cert;
 
 import java.util.Enumeration;
 import java.util.Locale;
 
 import com.netscape.certsrv.base.IArgBlock;
+import com.netscape.certsrv.cert.CertEnrollmentRequest;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.IProfile;
 import com.netscape.certsrv.profile.IProfileInput;
+import com.netscape.certsrv.profile.ProfileInput;
 import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.profile.model.ProfileInput;
-import com.netscape.cms.servlet.profile.model.ProfileInputFactory;
+import com.netscape.cms.servlet.profile.ProfileInputFactory;
 
-public class EnrollmentRequestDataFactory {
+public class CertEnrollmentRequestFactory {
 
-    public static EnrollmentRequestData create(CMSRequest cmsReq, IProfile profile, Locale locale)
+    public static CertEnrollmentRequest create(CMSRequest cmsReq, IProfile profile, Locale locale)
             throws EProfileException {
         IArgBlock params = cmsReq.getHttpParams();
 
-        EnrollmentRequestData ret = new EnrollmentRequestData();
+        CertEnrollmentRequest ret = new CertEnrollmentRequest();
         ret.setProfileId(profile.getId());
 
         // populate profile inputs
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
index 13b0072b4..4acc94d07 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
@@ -30,6 +30,7 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.cert.CertEnrollmentRequest;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.profile.EDeferException;
 import com.netscape.certsrv.profile.ERejectException;
@@ -37,12 +38,11 @@ import com.netscape.certsrv.profile.IProfile;
 import com.netscape.certsrv.profile.IProfileAuthenticator;
 import com.netscape.certsrv.profile.IProfileContext;
 import com.netscape.certsrv.profile.IProfileInput;
+import com.netscape.certsrv.profile.ProfileInput;
 import com.netscape.certsrv.request.INotify;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.processors.Processor;
-import com.netscape.cms.servlet.profile.model.ProfileInput;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
 
 public class CertProcessor extends Processor {
 
@@ -73,7 +73,7 @@ public class CertProcessor extends Processor {
         }
     }
 
-    private void setInputsIntoRequest(EnrollmentRequestData data, IProfile profile, IRequest req) {
+    private void setInputsIntoRequest(CertEnrollmentRequest data, IProfile profile, IRequest req) {
         // put profile inputs into a local map
         HashMap<String, String> dataInputs = new HashMap<String, String>();
         for (ProfileInput input : data.getInputs()) {
@@ -269,7 +269,7 @@ public class CertProcessor extends Processor {
         return errorCode;
     }
 
-    protected void populateRequests(EnrollmentRequestData data, boolean isRenewal,
+    protected void populateRequests(CertEnrollmentRequest data, boolean isRenewal,
             Locale locale, Date origNotAfter, String origSubjectDN, IRequest origReq, String profileId,
             IProfile profile, IProfileContext ctx, IProfileAuthenticator authenticator, IAuthToken authToken,
             IRequest[] reqs) throws EBaseException {
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java b/base/common/src/com/netscape/cms/servlet/cert/CertRequestDAO.java
index 4ebfc251f..bcb19a70b 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertRequestDAO.java
@@ -15,7 +15,7 @@
 // (C) 2011 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request.model;
+package com.netscape.cms.servlet.cert;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -32,17 +32,20 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.Nonces;
 import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.cert.CertEnrollmentRequest;
+import com.netscape.certsrv.cert.CertRequestInfo;
+import com.netscape.certsrv.cert.CertRequestInfos;
+import com.netscape.certsrv.cert.CertReviewResponse;
 import com.netscape.certsrv.profile.IProfile;
 import com.netscape.certsrv.profile.IProfileSubsystem;
+import com.netscape.certsrv.request.CMSRequestInfo;
+import com.netscape.certsrv.request.CMSRequestInfos;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.servlet.cert.EnrollmentProcessor;
-import com.netscape.cms.servlet.cert.RenewalProcessor;
-import com.netscape.cms.servlet.cert.RequestProcessor;
+import com.netscape.certsrv.request.RequestNotFoundException;
 import com.netscape.cms.servlet.processors.Processor;
-import com.netscape.cms.servlet.request.RequestNotFoundException;
-
+import com.netscape.cms.servlet.request.CMSRequestDAO;
 
 /**
  * @author alee
@@ -138,7 +141,7 @@ public class CertRequestDAO extends CMSRequestDAO {
      * @return info for specific request
      * @throws EBaseException
      */
-    public AgentEnrollmentRequestData reviewRequest(HttpServletRequest servletRequest, RequestId id,
+    public CertReviewResponse reviewRequest(HttpServletRequest servletRequest, RequestId id,
             UriInfo uriInfo, Locale locale) throws EBaseException {
         IRequest request = queue.findRequest(id);
         if (request == null) {
@@ -146,14 +149,14 @@ public class CertRequestDAO extends CMSRequestDAO {
         }
         String profileId = request.getExtDataInString("profileId");
         IProfile profile = ps.getProfile(profileId);
-        AgentEnrollmentRequestData info = AgentEnrollmentRequestDataFactory.create(request, profile, uriInfo, locale);
+        CertReviewResponse info = CertReviewResponseFactory.create(request, profile, uriInfo, locale);
         if (ca.noncesEnabled()) {
             addNonce(info, servletRequest);
         }
         return info;
     }
 
-    private void addNonce(AgentEnrollmentRequestData info, HttpServletRequest servletRequest) throws EBaseException {
+    private void addNonce(CertReviewResponse info, HttpServletRequest servletRequest) throws EBaseException {
         if (nonces != null) {
             long n = random.nextLong();
             long m = nonces.addNonce(n, Processor.getSSLClientCertificate(servletRequest));
@@ -171,7 +174,7 @@ public class CertRequestDAO extends CMSRequestDAO {
      * @throws EBaseException
      * @throws ServletException
      */
-    public CertRequestInfos submitRequest(EnrollmentRequestData data, HttpServletRequest request, UriInfo uriInfo,
+    public CertRequestInfos submitRequest(CertEnrollmentRequest data, HttpServletRequest request, UriInfo uriInfo,
             Locale locale) throws EBaseException {
         HashMap<String, Object> results = null;
         if (data.getIsRenewal()) {
@@ -196,7 +199,7 @@ public class CertRequestDAO extends CMSRequestDAO {
         return ret;
     }
 
-    public void changeRequestState(RequestId id, HttpServletRequest request, AgentEnrollmentRequestData data,
+    public void changeRequestState(RequestId id, HttpServletRequest request, CertReviewResponse data,
             Locale locale, String op) throws EBaseException {
         IRequest ireq = queue.findRequest(id);
         if (ireq == null) {
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestInfoFactory.java b/base/common/src/com/netscape/cms/servlet/cert/CertRequestInfoFactory.java
index c21ea35c9..fc16bd5f0 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestInfoFactory.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertRequestInfoFactory.java
@@ -16,7 +16,7 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 
-package com.netscape.cms.servlet.request.model;
+package com.netscape.cms.servlet.cert;
 
 import java.math.BigInteger;
 
@@ -28,12 +28,13 @@ import netscape.security.x509.X509CertImpl;
 
 import org.apache.commons.lang.StringUtils;
 
+import com.netscape.certsrv.cert.CertRequestInfo;
+import com.netscape.certsrv.cert.CertRequestResource;
+import com.netscape.certsrv.cert.CertResource;
 import com.netscape.certsrv.profile.IEnrollProfile;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.cert.CertResource;
-import com.netscape.cms.servlet.request.CertRequestResource;
 
 public class CertRequestInfoFactory {
 
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/AgentEnrollmentRequestDataFactory.java b/base/common/src/com/netscape/cms/servlet/cert/CertReviewResponseFactory.java
index fff1a59df..97611eb94 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/AgentEnrollmentRequestDataFactory.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertReviewResponseFactory.java
@@ -15,7 +15,7 @@
 //(C) 2012 Red Hat, Inc.
 //All rights reserved.
 //--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request.model;
+package com.netscape.cms.servlet.cert;
 
 import java.util.Enumeration;
 import java.util.Locale;
@@ -27,28 +27,29 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.Nonces;
+import com.netscape.certsrv.cert.CertReviewResponse;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.IPolicyDefault;
 import com.netscape.certsrv.profile.IProfile;
 import com.netscape.certsrv.profile.IProfileInput;
 import com.netscape.certsrv.profile.IProfilePolicy;
+import com.netscape.certsrv.profile.PolicyConstraint;
+import com.netscape.certsrv.profile.PolicyDefault;
+import com.netscape.certsrv.profile.ProfileInput;
+import com.netscape.certsrv.profile.ProfilePolicy;
+import com.netscape.certsrv.profile.ProfilePolicySet;
 import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.processors.Processor;
-import com.netscape.cms.servlet.profile.model.PolicyConstraint;
-import com.netscape.cms.servlet.profile.model.PolicyConstraintFactory;
-import com.netscape.cms.servlet.profile.model.PolicyDefault;
-import com.netscape.cms.servlet.profile.model.PolicyDefaultFactory;
-import com.netscape.cms.servlet.profile.model.ProfileInput;
-import com.netscape.cms.servlet.profile.model.ProfileInputFactory;
-import com.netscape.cms.servlet.profile.model.ProfilePolicy;
-import com.netscape.cms.servlet.profile.model.ProfilePolicySet;
+import com.netscape.cms.servlet.profile.PolicyConstraintFactory;
+import com.netscape.cms.servlet.profile.PolicyDefaultFactory;
+import com.netscape.cms.servlet.profile.ProfileInputFactory;
 
-public class AgentEnrollmentRequestDataFactory {
+public class CertReviewResponseFactory {
 
-    public static AgentEnrollmentRequestData create(IRequest request, IProfile profile, UriInfo uriInfo, Locale locale) throws EBaseException {
-        AgentEnrollmentRequestData ret = new AgentEnrollmentRequestData();
+    public static CertReviewResponse create(IRequest request, IProfile profile, UriInfo uriInfo, Locale locale) throws EBaseException {
+        CertReviewResponse ret = new CertReviewResponse();
 
         if (request.getRequestType().equals("renewal")) {
             ret.setIsRenewal(true);
@@ -127,13 +128,13 @@ public class AgentEnrollmentRequestDataFactory {
         return ret;
     }
 
-    public static AgentEnrollmentRequestData create(CMSRequest cmsReq, IProfile profile, Nonces nonces, Locale locale)
+    public static CertReviewResponse create(CMSRequest cmsReq, IProfile profile, Nonces nonces, Locale locale)
             throws EPropertyException, EProfileException {
         HttpServletRequest req = cmsReq.getHttpReq();
         IRequest ireq = cmsReq.getIRequest();
         IArgBlock params = cmsReq.getHttpParams();
 
-        AgentEnrollmentRequestData ret = new AgentEnrollmentRequestData();
+        CertReviewResponse ret = new CertReviewResponse();
         ret.setProfileId(profile.getId());
         ret.setRequestNotes(req.getParameter("requestNotes"));
         ret.setRequestId(ireq.getRequestId());
@@ -153,8 +154,8 @@ public class AgentEnrollmentRequestDataFactory {
                 String id = policyIds.nextElement();
                 CMS.debug("policyId:" + id);
                 IProfilePolicy policy = profile.getProfilePolicy(profileSetId, id);
-                com.netscape.cms.servlet.profile.model.ProfilePolicy dataPolicy =
-                        new com.netscape.cms.servlet.profile.model.ProfilePolicy();
+                com.netscape.certsrv.profile.ProfilePolicy dataPolicy =
+                        new com.netscape.certsrv.profile.ProfilePolicy();
 
                 //populate defaults
                 IPolicyDefault def = policy.getDefault();
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
index 6a3f0d79a..e4a6fc994 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
@@ -43,9 +43,22 @@ import netscape.security.x509.X509CertImpl;
 import org.jboss.resteasy.plugins.providers.atom.Link;
 
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ICertPrettyPrint;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.UnauthorizedException;
 import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.cert.CertDataInfo;
+import com.netscape.certsrv.cert.CertDataInfos;
+import com.netscape.certsrv.cert.CertNotFoundException;
+import com.netscape.certsrv.cert.CertRequestInfo;
+import com.netscape.certsrv.cert.CertResource;
+import com.netscape.certsrv.cert.CertRetrievalRequest;
+import com.netscape.certsrv.cert.CertRevokeRequest;
+import com.netscape.certsrv.cert.CertSearchRequest;
+import com.netscape.certsrv.cert.CertUnrevokeRequest;
 import com.netscape.certsrv.dbs.EDBRecordNotFoundException;
 import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
@@ -53,20 +66,8 @@ import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
 import com.netscape.certsrv.logging.AuditFormat;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.servlet.base.BadRequestException;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.base.CMSResourceService;
-import com.netscape.cms.servlet.base.UnauthorizedException;
-import com.netscape.cms.servlet.cert.model.CertDataInfo;
-import com.netscape.cms.servlet.cert.model.CertDataInfos;
-import com.netscape.cms.servlet.cert.model.CertRevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertSearchData;
-import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cms.servlet.processors.Processor;
-import com.netscape.cms.servlet.request.model.CertRequestDAO;
-import com.netscape.cms.servlet.request.model.CertRequestInfo;
-import com.netscape.cms.servlet.request.model.CertRetrievalRequestData;
 import com.netscape.cmsutil.ldap.LDAPUtil;
 import com.netscape.cmsutil.util.Utils;
 
@@ -74,14 +75,14 @@ import com.netscape.cmsutil.util.Utils;
  * @author alee
  *
  */
-public class CertResourceService extends CMSResourceService implements CertResource {
+public class CertService extends PKIService implements CertResource {
 
     ICertificateAuthority authority;
     ICertificateRepository repo;
 
     public final static int DEFAULT_SIZE = 20;
 
-    public CertResourceService() {
+    public CertService() {
         authority = (ICertificateAuthority) CMS.getSubsystem("ca");
         repo = authority.getCertificateRepository();
     }
@@ -93,22 +94,22 @@ public class CertResourceService extends CMSResourceService implements CertResou
     }
 
     @Override
-    public CertificateData getCert(CertId id) {
+    public CertData getCert(CertId id) {
         validateRequest(id);
 
-        CertRetrievalRequestData data = new CertRetrievalRequestData();
+        CertRetrievalRequest data = new CertRetrievalRequest();
         data.setCertId(id);
 
-        CertificateData certData = null;
+        CertData certData = null;
 
         try {
             certData = getCert(data);
         } catch (EDBRecordNotFoundException e) {
             throw new CertNotFoundException(id);
         } catch (EBaseException e) {
-            throw new CMSException("Problem returning certificate: " + id);
+            throw new PKIException("Problem returning certificate: " + id);
         } catch (CertificateEncodingException e) {
-            throw new CMSException("Problem encoding certificate searched for: " + id);
+            throw new PKIException("Problem encoding certificate searched for: " + id);
         }
 
         return certData;
@@ -152,7 +153,7 @@ public class CertResourceService extends CMSResourceService implements CertResou
             processor.setAuthority(authority);
 
         } catch (EBaseException e) {
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         try {
@@ -190,7 +191,7 @@ public class CertResourceService extends CMSResourceService implements CertResou
 
             processor.auditChangeRequest(ILogger.SUCCESS);
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             processor.log(ILogger.LL_FAILURE, e.getMessage());
             processor.auditChangeRequest(ILogger.FAILURE);
             throw e;
@@ -199,13 +200,13 @@ public class CertResourceService extends CMSResourceService implements CertResou
             processor.log(ILogger.LL_FAILURE, "Error " + e);
             processor.auditChangeRequest(ILogger.FAILURE);
 
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
 
         } catch (IOException e) {
             processor.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
             processor.auditChangeRequest(ILogger.FAILURE);
 
-            throw new CMSException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+            throw new PKIException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
         }
 
         // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
@@ -221,7 +222,7 @@ public class CertResourceService extends CMSResourceService implements CertResou
             processor.log(ILogger.LL_FAILURE, "Error " + e);
             processor.auditChangeRequestProcessed(ILogger.FAILURE);
 
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         try {
@@ -230,7 +231,7 @@ public class CertResourceService extends CMSResourceService implements CertResou
             return dao.getRequest(certRequest.getRequestId(), uriInfo);
 
         } catch (EBaseException e) {
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
@@ -249,7 +250,7 @@ public class CertResourceService extends CMSResourceService implements CertResou
             processor.setAuthority(authority);
 
         } catch (EBaseException e) {
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         try {
@@ -262,7 +263,7 @@ public class CertResourceService extends CMSResourceService implements CertResou
             processor.log(ILogger.LL_FAILURE, "Error " + e);
             processor.auditChangeRequest(ILogger.FAILURE);
 
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
@@ -278,7 +279,7 @@ public class CertResourceService extends CMSResourceService implements CertResou
             processor.log(ILogger.LL_FAILURE, "Error " + e);
             processor.auditChangeRequestProcessed(ILogger.FAILURE);
 
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         try {
@@ -287,7 +288,7 @@ public class CertResourceService extends CMSResourceService implements CertResou
             return dao.getRequest(certRequest.getRequestId(), uriInfo);
 
         } catch (EBaseException e) {
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
@@ -306,7 +307,7 @@ public class CertResourceService extends CMSResourceService implements CertResou
         return filter;
     }
 
-    private String createSearchFilter(CertSearchData data) {
+    private String createSearchFilter(CertSearchRequest data) {
         if (data == null) {
             return null;
         }
@@ -325,13 +326,13 @@ public class CertResourceService extends CMSResourceService implements CertResou
             infos = getCertList(filter, maxResults, maxTime);
         } catch (EBaseException e) {
             e.printStackTrace();
-            throw new CMSException("Error listing certs in CertsResourceService.listCerts!");
+            throw new PKIException("Error listing certs in CertsResourceService.listCerts!");
         }
         return infos;
     }
 
     @Override
-    public CertDataInfos searchCerts(CertSearchData data, Integer start, Integer size) {
+    public CertDataInfos searchCerts(CertSearchRequest data, Integer start, Integer size) {
         if (data == null) {
             throw new WebApplicationException(Response.Status.BAD_REQUEST);
         }
@@ -372,7 +373,7 @@ public class CertResourceService extends CMSResourceService implements CertResou
                 infos.addLink(new Link("next", uri));
             }
         } catch (EBaseException e1) {
-            throw new CMSException("Error listing certs in CertsResourceService.listCerts!" + e.toString());
+            throw new PKIException("Error listing certs in CertsResourceService.listCerts!" + e.toString());
         }
 
         return infos;
@@ -412,14 +413,14 @@ public class CertResourceService extends CMSResourceService implements CertResou
         return ret;
     }
 
-    public CertificateData getCert(CertRetrievalRequestData data) throws EBaseException, CertificateEncodingException {
+    public CertData getCert(CertRetrievalRequest data) throws EBaseException, CertificateEncodingException {
         CertId certId = data.getCertId();
 
         //find the cert in question
         ICertRecord record = repo.readCertificateRecord(certId.toBigInteger());
         X509CertImpl cert = record.getCertificate();
 
-        CertificateData certData = new CertificateData();
+        CertData certData = new CertData();
 
         certData.setSerialNumber(certId);
 
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
index 167385ea9..f45947e8c 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
@@ -49,6 +49,7 @@ import com.netscape.certsrv.authorization.EAuthzAccessDenied;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.Nonces;
+import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.dbs.certdb.CertId;
@@ -65,7 +66,6 @@ import com.netscape.certsrv.usrgrp.Certificates;
 import com.netscape.certsrv.usrgrp.ICertUserLocator;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.base.CMSException;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.CMSTemplate;
@@ -473,7 +473,7 @@ public class DoRevoke extends CMSServlet {
                         processor.addCertificateToRevoke(targetCert);
                         rarg.addStringValue("error", null);
 
-                    } catch (CMSException ex) {
+                    } catch (PKIException ex) {
                         rarg.addStringValue("error", ex.getMessage());
                     }
 
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
index 292f60457..cca8381fd 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
@@ -40,6 +40,7 @@ import com.netscape.certsrv.authorization.AuthzToken;
 import com.netscape.certsrv.authorization.EAuthzAccessDenied;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
+import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.dbs.certdb.CertId;
@@ -50,7 +51,6 @@ import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSException;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.CMSTemplate;
@@ -274,7 +274,7 @@ public class DoUnrevoke extends CMSServlet {
             processor.log(ILogger.LL_FAILURE, "Error " + e);
             processor.auditChangeRequest(ILogger.FAILURE);
 
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
diff --git a/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
index 8b48f0d73..911b30fa3 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
@@ -30,16 +30,15 @@ import com.netscape.certsrv.base.BadRequestDataException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.SessionContext;
+import com.netscape.certsrv.cert.CertEnrollmentRequest;
 import com.netscape.certsrv.profile.IProfile;
 import com.netscape.certsrv.profile.IProfileAuthenticator;
 import com.netscape.certsrv.profile.IProfileContext;
 import com.netscape.certsrv.profile.IProfileInput;
+import com.netscape.certsrv.profile.ProfileInput;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.profile.SSLClientCertProvider;
-import com.netscape.cms.servlet.profile.model.ProfileInput;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestDataFactory;
 
 public class EnrollmentProcessor extends CertProcessor {
 
@@ -47,7 +46,7 @@ public class EnrollmentProcessor extends CertProcessor {
         super(id, locale);
     }
 
-    private void setInputsIntoContext(EnrollmentRequestData data, IProfile profile, IProfileContext ctx) {
+    private void setInputsIntoContext(CertEnrollmentRequest data, IProfile profile, IProfileContext ctx) {
         // put profile inputs into a local map
         HashMap<String, String> dataInputs = new HashMap<String, String>();
         for (ProfileInput input : data.getInputs()) {
@@ -97,7 +96,7 @@ public class EnrollmentProcessor extends CertProcessor {
             throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
         }
 
-        EnrollmentRequestData data = EnrollmentRequestDataFactory.create(cmsReq, profile, locale);
+        CertEnrollmentRequest data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale);
         return processEnrollment(data, cmsReq.getHttpReq());
     }
 
@@ -118,7 +117,7 @@ public class EnrollmentProcessor extends CertProcessor {
      * @param cmsReq the object holding the request and response information
      * @exception EBaseException an error has occurred
      */
-    public HashMap<String, Object> processEnrollment(EnrollmentRequestData data, HttpServletRequest request)
+    public HashMap<String, Object> processEnrollment(CertEnrollmentRequest data, HttpServletRequest request)
             throws EBaseException {
 
         try {
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RenewalProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
index cc4dd12ae..a13a305b8 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
@@ -35,6 +35,7 @@ import com.netscape.certsrv.base.BadRequestDataException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.SessionContext;
+import com.netscape.certsrv.cert.CertEnrollmentRequest;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.profile.IEnrollProfile;
 import com.netscape.certsrv.profile.IProfile;
@@ -44,8 +45,6 @@ import com.netscape.certsrv.profile.IProfileInput;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.profile.SSLClientCertProvider;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestDataFactory;
 
 public class RenewalProcessor extends CertProcessor {
 
@@ -61,7 +60,7 @@ public class RenewalProcessor extends CertProcessor {
             throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
         }
 
-        EnrollmentRequestData data = EnrollmentRequestDataFactory.create(cmsReq, profile, locale);
+        CertEnrollmentRequest data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale);
 
         //only used in renewal
         data.setSerialNum(req.getParameter("serial_num"));
@@ -78,7 +77,7 @@ public class RenewalProcessor extends CertProcessor {
      * Things to note:
      * * the renew request will contain the original profile instead of the new
      */
-    public HashMap<String, Object> processRenewal(EnrollmentRequestData data, HttpServletRequest request)
+    public HashMap<String, Object> processRenewal(CertEnrollmentRequest data, HttpServletRequest request)
             throws EBaseException {
         try {
             if (CMS.debugOn()) {
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java
index 57e33f3a5..74a3183d6 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java
@@ -36,6 +36,7 @@ import com.netscape.certsrv.base.BadRequestDataException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.cert.CertReviewResponse;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.profile.EDeferException;
 import com.netscape.certsrv.profile.EProfileException;
@@ -46,19 +47,17 @@ import com.netscape.certsrv.profile.IPolicyDefault;
 import com.netscape.certsrv.profile.IProfile;
 import com.netscape.certsrv.profile.IProfileOutput;
 import com.netscape.certsrv.profile.IProfilePolicy;
+import com.netscape.certsrv.profile.PolicyDefault;
+import com.netscape.certsrv.profile.ProfileAttribute;
+import com.netscape.certsrv.profile.ProfileOutput;
+import com.netscape.certsrv.profile.ProfilePolicySet;
 import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.profile.common.ProfilePolicy;
 import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.profile.model.PolicyDefault;
-import com.netscape.cms.servlet.profile.model.ProfileAttribute;
-import com.netscape.cms.servlet.profile.model.ProfileOutput;
-import com.netscape.cms.servlet.profile.model.ProfileOutputFactory;
-import com.netscape.cms.servlet.profile.model.ProfilePolicySet;
-import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData;
-import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestDataFactory;
+import com.netscape.cms.servlet.profile.ProfileOutputFactory;
 
 public class RequestProcessor extends CertProcessor {
 
@@ -66,19 +65,19 @@ public class RequestProcessor extends CertProcessor {
         super(id, locale);
     }
 
-    public AgentEnrollmentRequestData processRequest(CMSRequest cmsReq, IRequest request, String op) throws EBaseException {
+    public CertReviewResponse processRequest(CMSRequest cmsReq, IRequest request, String op) throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
         IRequest ireq = cmsReq.getIRequest();
 
         String profileId = ireq.getExtDataInString("profileId");
         IProfile profile = ps.getProfile(profileId);
-        AgentEnrollmentRequestData data = AgentEnrollmentRequestDataFactory.create(cmsReq, profile, nonces, locale);
+        CertReviewResponse data = CertReviewResponseFactory.create(cmsReq, profile, nonces, locale);
 
         processRequest(req, data, request, op);
         return data;
     }
 
-    public void processRequest(HttpServletRequest request, AgentEnrollmentRequestData data, IRequest req, String op)
+    public void processRequest(HttpServletRequest request, CertReviewResponse data, IRequest req, String op)
             throws EBaseException {
         try {
             startTiming("approval");
@@ -355,7 +354,7 @@ public class RequestProcessor extends CertProcessor {
      * @exception EProfileException an error related to this profile has
      *                occurred
      */
-    private void approveRequest(IRequest req, AgentEnrollmentRequestData data, IProfile profile, Locale locale)
+    private void approveRequest(IRequest req, CertReviewResponse data, IProfile profile, Locale locale)
             throws EProfileException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -404,14 +403,14 @@ public class RequestProcessor extends CertProcessor {
         }
     }
 
-    private void updateValues(AgentEnrollmentRequestData data, IRequest req,
+    private void updateValues(CertReviewResponse data, IRequest req,
             IProfile profile, Locale locale)
             throws ERejectException, EDeferException, EPropertyException {
 
         // put request policy defaults in a local hash
         HashMap<String, String> policyData = new HashMap<String,String>();
         for (ProfilePolicySet policySet: data.getPolicySets()) {
-            for (com.netscape.cms.servlet.profile.model.ProfilePolicy policy: policySet.getPolicies()) {
+            for (com.netscape.certsrv.profile.ProfilePolicy policy: policySet.getPolicies()) {
                 PolicyDefault def = policy.getDef();
                 List<ProfileAttribute> attrs = def.getAttributes();
                 for (ProfileAttribute attr: attrs) {
@@ -443,7 +442,7 @@ public class RequestProcessor extends CertProcessor {
 
     }
 
-    private void updateNotes(AgentEnrollmentRequestData data, IRequest req) {
+    private void updateNotes(CertReviewResponse data, IRequest req) {
         String notes = data.getRequestNotes();
 
         if (notes != null) {
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RevocationProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
index 3f0fffbf4..36d00459b 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
@@ -35,8 +35,10 @@ import netscape.security.x509.RevokedCertImpl;
 import netscape.security.x509.X509CertImpl;
 
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.base.UnauthorizedException;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
@@ -48,8 +50,6 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.BadRequestException;
-import com.netscape.cms.servlet.base.UnauthorizedException;
 
 /**
  * @author Endi S. Dewata
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationErrorInterceptor.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationErrorInterceptor.java
deleted file mode 100644
index 63af4101a..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationErrorInterceptor.java
+++ /dev/null
@@ -1,65 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.jboss.resteasy.client.ClientResponse;
-import org.jboss.resteasy.client.core.ClientErrorInterceptor;
-
-import com.netscape.cms.servlet.base.CMSException;
-
-/**
- * @author alee
- *
- */
-public class ConfigurationErrorInterceptor implements ClientErrorInterceptor {
-
-    public void handle(ClientResponse<?> response) {
-
-        // handle HTTP code 4xx and 5xx
-        int code = response.getResponseStatus().getStatusCode();
-        if (code < 400) return;
-
-        MultivaluedMap<String, String> headers = response.getHeaders();
-        String contentType = headers.getFirst("Content-Type");
-
-        // handle XML content only
-        System.out.println("Content-type: "+contentType);
-        if (!contentType.startsWith(MediaType.APPLICATION_XML)) return;
-
-        CMSException exception;
-
-        try {
-            // Requires RESTEasy 2.3.2
-            // https://issues.jboss.org/browse/RESTEASY-652
-            CMSException.Data data = response.getEntity(CMSException.Data.class);
-
-            Class<?> clazz = Class.forName(data.className);
-            exception = (CMSException) clazz.getConstructor(CMSException.Data.class).newInstance(data);
-
-        } catch (Exception e) {
-            e.printStackTrace();
-            return;
-        }
-
-        throw exception;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 50c7853df..4397251b5 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -140,12 +140,13 @@ import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
 import com.netscape.certsrv.ldap.ILdapConnFactory;
 import com.netscape.certsrv.ocsp.IDefStore;
 import com.netscape.certsrv.ocsp.IOCSPAuthority;
+import com.netscape.certsrv.system.InstallToken;
+import com.netscape.certsrv.system.InstallTokenRequest;
 import com.netscape.certsrv.usrgrp.IGroup;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.csadmin.model.InstallToken;
-import com.netscape.cms.servlet.csadmin.model.InstallTokenRequest;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.system.SystemConfigClient;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.cmsutil.http.HttpClient;
 import com.netscape.cmsutil.http.HttpRequest;
@@ -299,7 +300,7 @@ public class ConfigurationUtils {
         ClientConfig config = new ClientConfig();
         config.setServerURI("https://" + sdhost + ":" + sdport + "/ca");
 
-        ConfigurationRESTClient client = new ConfigurationRESTClient(config);
+        SystemConfigClient client = new SystemConfigClient(config);
 
         InstallToken token = client.getInstallToken(data);
 
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemCertDataFactory.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemCertDataFactory.java
new file mode 100644
index 000000000..bd23c8f16
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemCertDataFactory.java
@@ -0,0 +1,47 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.csadmin;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import com.netscape.certsrv.system.SystemCertData;
+
+/**
+ * @author edewata
+ */
+public class SystemCertDataFactory {
+
+    public static SystemCertData create(Cert cert) {
+        SystemCertData data = new SystemCertData();
+        data.setCert(cert.getCert());
+        data.setRequest(cert.getRequest());
+        data.setTag(cert.getCertTag());
+        data.setCertChain(cert.getCertChain());
+        return data;
+    }
+
+    public static Collection<SystemCertData> create(Collection<Cert> certs) {
+        Collection<SystemCertData> result = new ArrayList<SystemCertData>();
+        for (Cert cert : certs) {
+            result.add(create(cert));
+        }
+        return result;
+    }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResourceService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
index 9747eb12c..53b004846 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
@@ -47,19 +47,20 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISecurityDomainSessionTable;
+import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
 import com.netscape.certsrv.ocsp.IOCSPAuthority;
+import com.netscape.certsrv.system.ConfigurationRequest;
+import com.netscape.certsrv.system.ConfigurationResponse;
+import com.netscape.certsrv.system.DomainInfo;
+import com.netscape.certsrv.system.InstallToken;
+import com.netscape.certsrv.system.InstallTokenRequest;
+import com.netscape.certsrv.system.SystemCertData;
+import com.netscape.certsrv.system.SystemConfigResource;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.base.CMSResourceService;
-import com.netscape.cms.servlet.csadmin.model.CertData;
-import com.netscape.cms.servlet.csadmin.model.ConfigurationData;
-import com.netscape.cms.servlet.csadmin.model.ConfigurationResponseData;
-import com.netscape.cms.servlet.csadmin.model.DomainInfo;
-import com.netscape.cms.servlet.csadmin.model.InstallToken;
-import com.netscape.cms.servlet.csadmin.model.InstallTokenRequest;
+import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.cmsutil.util.Utils;
 
@@ -67,7 +68,7 @@ import com.netscape.cmsutil.util.Utils;
  * @author alee
  *
  */
-public class SystemConfigurationResourceService extends CMSResourceService implements SystemConfigurationResource {
+public class SystemConfigService extends PKIService implements SystemConfigResource {
     IConfigStore cs;
     String csType;
     String csState;
@@ -79,7 +80,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
             "restart_server_after_configuration";
     private Random random = null;
 
-    public SystemConfigurationResourceService() throws EPropertyNotFound, EBaseException {
+    public SystemConfigService() throws EPropertyNotFound, EBaseException {
         cs = CMS.getConfigStore();
         csType = cs.getString("cs.type");
         csState = cs.getString("cs.state");
@@ -95,8 +96,8 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
      * @see com.netscape.cms.servlet.csadmin.SystemConfigurationResource#configure(javax.ws.rs.core.MultivaluedMap)
      */
     @Override
-    public ConfigurationResponseData configure(MultivaluedMap<String, String> form) {
-        ConfigurationData data = new ConfigurationData(form);
+    public ConfigurationResponse configure(MultivaluedMap<String, String> form) {
+        ConfigurationRequest data = new ConfigurationRequest(form);
         return configure(data);
     }
 
@@ -104,9 +105,9 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
      * @see com.netscape.cms.servlet.csadmin.SystemConfigurationResource#configure(com.netscape.cms.servlet.csadmin.data.ConfigurationData)
      */
     @Override
-    public ConfigurationResponseData configure(ConfigurationData data){
+    public ConfigurationResponse configure(ConfigurationRequest data){
         if (csState.equals("1")) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "System is already configured");
+            throw new PKIException(Response.Status.BAD_REQUEST, "System is already configured");
         }
 
         String certList;
@@ -114,34 +115,34 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
             certList = cs.getString("preop.cert.list");
         } catch (Exception e) {
             e.printStackTrace();
-            throw new CMSException("Unable to get certList from config file");
+            throw new PKIException("Unable to get certList from config file");
         }
 
         validateData(data);
-        ConfigurationResponseData response = new ConfigurationResponseData();
+        ConfigurationResponse response = new ConfigurationResponse();
 
         // specify module and log into token
         String token = data.getToken();
         if (token == null) {
-            token = ConfigurationData.TOKEN_DEFAULT;
+            token = ConfigurationRequest.TOKEN_DEFAULT;
         }
         cs.putString("preop.module.token", token);
 
-        if (! token.equals(ConfigurationData.TOKEN_DEFAULT)) {
+        if (! token.equals(ConfigurationRequest.TOKEN_DEFAULT)) {
             try {
                 CryptoManager cryptoManager = CryptoManager.getInstance();
                 CryptoToken ctoken = cryptoManager.getTokenByName(token);
                 String tokenpwd = data.getTokenPassword();
                 ConfigurationUtils.loginToken(ctoken, tokenpwd);
             } catch (NotInitializedException e) {
-                throw new CMSException("Token is not initialized");
+                throw new PKIException("Token is not initialized");
             } catch (NoSuchTokenException e) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Invalid Token provided. No such token.");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Invalid Token provided. No such token.");
             } catch (TokenException e) {
                 e.printStackTrace();
-                throw new CMSException("Token Exception" + e);
+                throw new PKIException("Token Exception" + e);
             } catch (IncorrectPasswordException e) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Incorrect Password provided for token.");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Incorrect Password provided for token.");
             }
         }
 
@@ -150,7 +151,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
         String securityDomainName = data.getSecurityDomainName();
         String securityDomainURL = data.getSecurityDomainUri();
         String domainXML = null;
-        if (securityDomainType.equals(ConfigurationData.NEW_DOMAIN)) {
+        if (securityDomainType.equals(ConfigurationRequest.NEW_DOMAIN)) {
             cs.putString("preop.securitydomain.select", "new");
             cs.putString("securitydomain.select", "new");
             cs.putString("preop.securitydomain.name", securityDomainName);
@@ -181,7 +182,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 ConfigurationUtils.importCertChain(host, port, "/ca/admin/ca/getCertChain", "securitydomain");
             } catch (Exception e) {
                 e.printStackTrace();
-                throw new CMSException("Failed to import certificate chain from security domain master: " + e);
+                throw new PKIException("Failed to import certificate chain from security domain master: " + e);
             }
 
             // log onto security domain and get token
@@ -192,11 +193,11 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 installToken = ConfigurationUtils.getInstallToken(host, port, user, pass);
             } catch (Exception e) {
                 e.printStackTrace();
-                throw new CMSException("Failed to obtain installation token from security domain: " + e);
+                throw new PKIException("Failed to obtain installation token from security domain: " + e);
             }
 
             if (installToken == null) {
-                throw new CMSException("Failed to obtain installation token from security domain");
+                throw new PKIException("Failed to obtain installation token from security domain");
             }
             CMS.setConfigSDSessionId(installToken);
 
@@ -205,7 +206,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 ConfigurationUtils.getSecurityDomainPorts(domainXML, host, port);
             } catch (Exception e) {
                 e.printStackTrace();
-                throw new CMSException("Failed to obtain security domain decriptor from security domain master: " + e);
+                throw new PKIException("Failed to obtain security domain decriptor from security domain master: " + e);
             }
         }
 
@@ -245,11 +246,11 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 validCloneUri = ConfigurationUtils.isValidCloneURI(domainXML, masterHost, masterPort);
             } catch (Exception e) {
                 e.printStackTrace();
-                throw new CMSException("Error in determining whether clone URI is valid");
+                throw new PKIException("Error in determining whether clone URI is valid");
             }
 
             if (!validCloneUri) {
-                throw new CMSException(Response.Status.BAD_REQUEST,
+                throw new PKIException(Response.Status.BAD_REQUEST,
                         "Invalid clone URI provided.  Does not match the available subsystems in the security domain");
             }
 
@@ -258,7 +259,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                     ConfigurationUtils.importCertChain(masterHost, masterPort, "/ca/ee/ca/getCertChain", "clone");
                 } catch (Exception e) {
                     e.printStackTrace();
-                    throw new CMSException("Failed to import certificate chain from master" + e);
+                    throw new PKIException("Failed to import certificate chain from master" + e);
                 }
             }
 
@@ -266,25 +267,25 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 ConfigurationUtils.getConfigEntriesFromMaster();
             } catch (Exception e) {
                 e.printStackTrace();
-                throw new CMSException("Failed to obtain configuration entries from the master for cloning " + e);
+                throw new PKIException("Failed to obtain configuration entries from the master for cloning " + e);
             }
 
             // restore certs from P12 file
-            if (token.equals(ConfigurationData.TOKEN_DEFAULT)) {
+            if (token.equals(ConfigurationRequest.TOKEN_DEFAULT)) {
                 String p12File = data.getP12File();
                 String p12Pass = data.getP12Password();
                 try {
                     ConfigurationUtils.restoreCertsFromP12(p12File, p12Pass);
                 } catch (Exception e) {
                     e.printStackTrace();
-                    throw new CMSException("Failed to restore certificates from p12 file" + e);
+                    throw new PKIException("Failed to restore certificates from p12 file" + e);
                 }
             }
 
             boolean cloneReady = ConfigurationUtils.isCertdbCloned();
             if (!cloneReady) {
                 CMS.debug("clone does not have all the certificates.");
-                throw new CMSException("Clone does not have all the required certificates");
+                throw new PKIException("Clone does not have all the required certificates");
             }
         }
 
@@ -299,7 +300,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 cs.putString("preop.hierarchy.select", "join");
                 cs.putString("hierarchy.select", "Subordinate");
             } else {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Invalid hierarchy provided");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Invalid hierarchy provided");
             }
         }
 
@@ -316,7 +317,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
             cs.commit(false);
         } catch (EBaseException e2) {
             e2.printStackTrace();
-            throw new CMSException("Unable to commit config parameters to file");
+            throw new PKIException("Unable to commit config parameters to file");
         }
 
         if (data.getIsClone().equals("true")) {
@@ -333,12 +334,12 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
             }
 
             if (masterhost.equals(realhostname) && masterport.equals(data.getDsPort())) {
-                throw new CMSException(Response.Status.BAD_REQUEST,
+                throw new PKIException(Response.Status.BAD_REQUEST,
                         "Master and clone must not share the same internal database");
             }
 
             if (!masterbasedn.equals(data.getBaseDN())) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Master and clone should have the same base DN");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Master and clone should have the same base DN");
             }
 
             String masterReplicationPort = data.getMasterReplicationPort();
@@ -390,7 +391,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 ConfigurationUtils.reInitSubsystem(csType);
             }
         } catch (Exception e) {
-            throw new CMSException("Error in populating database" + e);
+            throw new PKIException("Error in populating database" + e);
         }
 
         // SizePanel, NamePanel, CertRequestPanel
@@ -433,7 +434,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 }
             }
         } catch (Exception e) {
-            throw new CMSException("Error in obtaining certificate chain from issuing CA: " + e);
+            throw new PKIException("Error in obtaining certificate chain from issuing CA: " + e);
         }
 
         boolean hasSigningCert = false;
@@ -445,9 +446,9 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 boolean enable = cs.getBoolean("preop.cert." + ct + ".enable", true);
                 if (!enable) continue;
 
-                Collection<CertData> certData = data.getSystemCerts();
-                Iterator<CertData> iterator = certData.iterator();
-                CertData cdata = null;
+                Collection<SystemCertData> certData = data.getSystemCerts();
+                Iterator<SystemCertData> iterator = certData.iterator();
+                SystemCertData cdata = null;
                 while (iterator.hasNext()) {
                     cdata = iterator.next();
                     if (cdata.getTag().equals(ct)) break;
@@ -521,7 +522,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                         if (cdata.getCertChain() != null) {
                             certObj.setCertChain(cdata.getCertChain());
                         } else {
-                            throw new CMSException(Response.Status.BAD_REQUEST, "CertChain not provided");
+                            throw new PKIException(Response.Status.BAD_REQUEST, "CertChain not provided");
                         }
                     }
                 }
@@ -533,18 +534,18 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
 
         } catch (NumberFormatException e) {
             // move these validations to validate()?
-            throw new CMSException(Response.Status.BAD_REQUEST, "Non-integer value for key size");
+            throw new PKIException(Response.Status.BAD_REQUEST, "Non-integer value for key size");
         } catch (NoSuchAlgorithmException e) {
             e.printStackTrace();
-            throw new CMSException(Response.Status.BAD_REQUEST, "Invalid algorithm " + e);
+            throw new PKIException(Response.Status.BAD_REQUEST, "Invalid algorithm " + e);
         } catch (Exception e) {
             e.printStackTrace();
-            throw new CMSException("Error in setting certificate names and key sizes: " + e);
+            throw new PKIException("Error in setting certificate names and key sizes: " + e);
         }
 
         // submitting to external ca
         if ((data.getIssuingCA()!= null) && data.getIssuingCA().equals("External CA") && (!hasSigningCert)) {
-            response.setSystemCerts(certs);
+            response.setSystemCerts(SystemCertDataFactory.create(certs));
             return response;
         }
 
@@ -557,13 +558,13 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 ConfigurationUtils.setCertPermissions(cert.getCertTag());
             } catch (Exception e) {
                 e.printStackTrace();
-                throw new CMSException("Error in confguring system certificates" + e);
+                throw new PKIException("Error in confguring system certificates" + e);
             }
             if (ret != 0) {
-                throw new CMSException("Error in confguring system certificates");
+                throw new PKIException("Error in confguring system certificates");
             }
         }
-        response.setSystemCerts(certs);
+        response.setSystemCerts(SystemCertDataFactory.create(certs));
 
         // BackupKeyCertPanel/SavePKCS12Panel
         if (data.getBackupKeys().equals("true")) {
@@ -571,7 +572,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 ConfigurationUtils.backupKeys(data.getBackupPassword(), data.getBackupFile());
             } catch (Exception e) {
                 e.printStackTrace();
-                throw new CMSException("Error in creating pkcs12 to backup keys and certs: " + e);
+                throw new PKIException("Error in creating pkcs12 to backup keys and certs: " + e);
             }
         }
 
@@ -617,14 +618,14 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
 
             } catch (Exception e) {
                 e.printStackTrace();
-                throw new CMSException("Error in creating admin user: " + e);
+                throw new PKIException("Error in creating admin user: " + e);
             }
         }
 
         // Done Panel
         // Create or update security domain
         try {
-            if (securityDomainType.equals(ConfigurationData.NEW_DOMAIN)) {
+            if (securityDomainType.equals(ConfigurationRequest.NEW_DOMAIN)) {
                 ConfigurationUtils.createSecurityDomain();
             } else {
                 ConfigurationUtils.updateSecurityDomain();
@@ -634,7 +635,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
             cs.commit(false);
         } catch (Exception e) {
             e.printStackTrace();
-            throw new CMSException("Error while updating security domain: " + e);
+            throw new PKIException("Error while updating security domain: " + e);
         }
 
         // need to push connector information to the CA
@@ -653,7 +654,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
             }
         } catch (Exception e) {
             e.printStackTrace();
-            throw new CMSException("Errors in pushing KRA connector information to the CA: " + e);
+            throw new PKIException("Errors in pushing KRA connector information to the CA: " + e);
         }
 
         // import the CA certificate into the OCSP
@@ -667,7 +668,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
             }
         } catch (Exception e) {
             e.printStackTrace();
-            throw new CMSException("Errors in configuring CA publishing to OCSP: " + e);
+            throw new PKIException("Errors in configuring CA publishing to OCSP: " + e);
         }
 
         if (!data.getIsClone().equals("true")) {
@@ -677,7 +678,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 }
             } catch (Exception e) {
                 e.printStackTrace();
-                throw new CMSException("Errors in updating next serial number ranges in DB: " + e);
+                throw new PKIException("Errors in updating next serial number ranges in DB: " + e);
             }
         }
 
@@ -695,12 +696,12 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
             }
         } catch (Exception e1) {
             e1.printStackTrace();
-            throw new CMSException("Errors in determining if security domain host is a master CA");
+            throw new PKIException("Errors in determining if security domain host is a master CA");
         }
 
         try {
             String dbuser = csType + "-" + CMS.getEEHost() + "-" + CMS.getEESSLPort();
-            if (! securityDomainType.equals(ConfigurationData.NEW_DOMAIN)) {
+            if (! securityDomainType.equals(ConfigurationRequest.NEW_DOMAIN)) {
                 ConfigurationUtils.setupDBUser(dbuser);
             }
             IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
@@ -708,7 +709,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
             system.addCertSubjectDN(user);
         } catch (Exception e) {
             e.printStackTrace();
-            throw new CMSException("Errors in creating or updating dbuser: " + e);
+            throw new PKIException("Errors in creating or updating dbuser: " + e);
         }
 
         cs.putInteger("cs.state", 1);
@@ -720,7 +721,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
             ConfigurationUtils.removePreopConfigEntries();
         } catch (EBaseException e) {
             e.printStackTrace();
-            throw new CMSException("Errors when removing preop config entries: " + e);
+            throw new PKIException("Errors when removing preop config entries: " + e);
         }
 
         // Create an empty file that designates the fact that although
@@ -734,7 +735,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
         return response;
     }
 
-    private void validateData(ConfigurationData data) {
+    private void validateData(ConfigurationRequest data) {
         // get required info from CS.cfg
         String preopPin;
         try {
@@ -742,35 +743,35 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
         } catch (Exception e) {
             CMS.debug("validateData: Failed to get required config form CS.cfg");
             e.printStackTrace();
-            throw new CMSException("Unable to retrieve required configuration from configuration files");
+            throw new PKIException("Unable to retrieve required configuration from configuration files");
         }
 
         // get the preop pin and validate it
         String pin = data.getPin();
         if (pin == null) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "No preop pin provided");
+            throw new PKIException(Response.Status.BAD_REQUEST, "No preop pin provided");
         }
         if (!preopPin.equals(pin)) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "Incorrect pin provided");
+            throw new PKIException(Response.Status.BAD_REQUEST, "Incorrect pin provided");
         }
 
         // validate security domain settings
         String domainType = data.getSecurityDomainType();
         if (domainType == null) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "Security Domain Type not provided");
+            throw new PKIException(Response.Status.BAD_REQUEST, "Security Domain Type not provided");
         }
 
-        if (domainType.equals(ConfigurationData.NEW_DOMAIN)) {
+        if (domainType.equals(ConfigurationRequest.NEW_DOMAIN)) {
             if (!csType.equals("CA")) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "New Domain is only valid for CA subsytems");
+                throw new PKIException(Response.Status.BAD_REQUEST, "New Domain is only valid for CA subsytems");
             }
             if (data.getSecurityDomainName() == null) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Security Domain Name is not provided");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Security Domain Name is not provided");
             }
-        } else if (domainType.equals(ConfigurationData.EXISTING_DOMAIN)) {
+        } else if (domainType.equals(ConfigurationRequest.EXISTING_DOMAIN)) {
             String domainURI = data.getSecurityDomainUri();
             if (domainURI == null) {
-                throw new CMSException(Response.Status.BAD_REQUEST,
+                throw new PKIException(Response.Status.BAD_REQUEST,
                         "Existing security domain requested, but no security domain URI provided");
             }
 
@@ -778,40 +779,40 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
                 @SuppressWarnings("unused")
                 URL admin_u = new URL(domainURI);  // check for invalid URL
             } catch (MalformedURLException e) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Invalid security domain URI");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Invalid security domain URI");
             }
             if ((data.getSecurityDomainUser() == null) || (data.getSecurityDomainPassword() == null)) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Security domain user or password not provided");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Security domain user or password not provided");
             }
 
         } else {
-            throw new CMSException(Response.Status.BAD_REQUEST, "Invalid security domain URI provided");
+            throw new PKIException(Response.Status.BAD_REQUEST, "Invalid security domain URI provided");
         }
 
         if ((data.getSubsystemName() == null) || (data.getSubsystemName().length() ==0)) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "Invalid or no subsystem name provided");
+            throw new PKIException(Response.Status.BAD_REQUEST, "Invalid or no subsystem name provided");
         }
 
         if ((data.getIsClone() != null) && (data.getIsClone().equals("true"))) {
             String cloneUri = data.getCloneUri();
             if (cloneUri == null) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Clone selected, but no clone URI provided");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Clone selected, but no clone URI provided");
             }
             try {
                 @SuppressWarnings("unused")
                 URL url = new URL(cloneUri); // check for invalid URL
                 // confirm protocol is https
             } catch (MalformedURLException e) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Invalid clone URI");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Invalid clone URI");
             }
 
-            if (data.getToken().equals(ConfigurationData.TOKEN_DEFAULT)) {
+            if (data.getToken().equals(ConfigurationRequest.TOKEN_DEFAULT)) {
                 if (data.getP12File() == null) {
-                    throw new CMSException(Response.Status.BAD_REQUEST, "P12 filename not provided");
+                    throw new PKIException(Response.Status.BAD_REQUEST, "P12 filename not provided");
                 }
 
                 if (data.getP12Password() == null) {
-                    throw new CMSException(Response.Status.BAD_REQUEST, "P12 password not provided");
+                    throw new PKIException(Response.Status.BAD_REQUEST, "P12 password not provided");
                 }
             }
         } else {
@@ -820,33 +821,33 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
 
         String dsHost = data.getDsHost();
         if (dsHost == null || dsHost.length() == 0) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "Internal database host not provided");
+            throw new PKIException(Response.Status.BAD_REQUEST, "Internal database host not provided");
         }
 
         try {
             Integer.parseInt(data.getDsPort());  // check for errors
         } catch (NumberFormatException e) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "Internal database port is invalid");
+            throw new PKIException(Response.Status.BAD_REQUEST, "Internal database port is invalid");
         }
 
         String basedn = data.getBaseDN();
         if (basedn == null || basedn.length() == 0) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "Internal database basedn not provided");
+            throw new PKIException(Response.Status.BAD_REQUEST, "Internal database basedn not provided");
         }
 
         String binddn = data.getBindDN();
         if (binddn == null || binddn.length() == 0) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "Internal database basedn not provided");
+            throw new PKIException(Response.Status.BAD_REQUEST, "Internal database basedn not provided");
         }
 
         String database = data.getDatabase();
         if (database == null || database.length() == 0) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "Internal database database name not provided");
+            throw new PKIException(Response.Status.BAD_REQUEST, "Internal database database name not provided");
         }
 
         String bindpwd = data.getBindpwd();
         if (bindpwd == null || bindpwd.length() == 0) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "Internal database database name not provided");
+            throw new PKIException(Response.Status.BAD_REQUEST, "Internal database database name not provided");
         }
 
         String masterReplicationPort = data.getMasterReplicationPort();
@@ -854,7 +855,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
             try {
                 Integer.parseInt(masterReplicationPort); // check for errors
             } catch (NumberFormatException e) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Master replication port is invalid");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Master replication port is invalid");
             }
         }
 
@@ -863,48 +864,48 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
             try {
                 Integer.parseInt(cloneReplicationPort); // check for errors
             } catch (Exception e) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Clone replication port is invalid");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Clone replication port is invalid");
             }
         }
 
         if ((data.getBackupKeys() != null) && data.getBackupKeys().equals("true")) {
             if ((data.getBackupFile() == null) || (data.getBackupFile().length()<=0)) {
                 //TODO: also check for valid path, perhaps by touching file there
-                throw new CMSException(Response.Status.BAD_REQUEST, "Invalid key backup file name");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Invalid key backup file name");
             }
 
             if ((data.getBackupPassword() == null) || (data.getBackupPassword().length()<8)) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "key backup password must be at least 8 characters");
+                throw new PKIException(Response.Status.BAD_REQUEST, "key backup password must be at least 8 characters");
             }
         } else {
             data.setBackupKeys("false");
         }
 
         if (csType.equals("CA") && (data.getHierarchy() == null)) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "Hierarchy is requred for CA, not provided");
+            throw new PKIException(Response.Status.BAD_REQUEST, "Hierarchy is requred for CA, not provided");
         }
 
         if (data.getIsClone().equals("false")) {
             if ((data.getAdminUID() == null) || (data.getAdminUID().length()==0)) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Admin UID not provided");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Admin UID not provided");
             }
             if ((data.getAdminPassword() == null) || (data.getAdminPassword().length()==0)) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Admin Password not provided");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Admin Password not provided");
             }
             if ((data.getAdminEmail() == null) || (data.getAdminEmail().length()==0)) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Admin UID not provided");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Admin UID not provided");
             }
             if ((data.getAdminName() == null) || (data.getAdminName().length()==0)) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Admin name not provided");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Admin name not provided");
             }
             if ((data.getAdminCertRequest() == null) || (data.getAdminCertRequest().length()==0)) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Admin cert request not provided");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Admin cert request not provided");
             }
             if ((data.getAdminCertRequestType() == null) || (data.getAdminCertRequestType().length()==0)) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Admin cert request type not provided");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Admin cert request type not provided");
             }
             if ((data.getAdminSubjectDN() == null) || (data.getAdminSubjectDN().length()==0)) {
-                throw new CMSException(Response.Status.BAD_REQUEST, "Admin subjectDN not provided");
+                throw new PKIException(Response.Status.BAD_REQUEST, "Admin subjectDN not provided");
             }
         }
 
@@ -928,7 +929,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
         try {
             ip = InetAddress.getByName(host).toString();
         } catch (UnknownHostException e) {
-            throw new CMSException(Response.Status.BAD_REQUEST, "Unable to resolve host " + host +
+            throw new PKIException(Response.Status.BAD_REQUEST, "Unable to resolve host " + host +
                     "to an IP address: " + e);
         }
         int index = ip.indexOf("/");
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestDAO.java b/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
index 36a869aaf..e64bcb2dc 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestDAO.java
+++ b/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
@@ -15,7 +15,7 @@
 // (C) 2011 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request.model;
+package com.netscape.cms.servlet.key;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -32,13 +32,20 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
 import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.key.KeyArchivalRequest;
+import com.netscape.certsrv.key.KeyRecoveryRequest;
+import com.netscape.certsrv.key.KeyRequestInfo;
+import com.netscape.certsrv.key.KeyRequestInfos;
+import com.netscape.certsrv.key.KeyRequestResource;
+import com.netscape.certsrv.key.KeyResource;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.profile.IEnrollProfile;
+import com.netscape.certsrv.request.CMSRequestInfo;
+import com.netscape.certsrv.request.CMSRequestInfos;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.key.KeyResource;
-import com.netscape.cms.servlet.request.KeyRequestResource;
+import com.netscape.cms.servlet.request.CMSRequestDAO;
 
 /**
  * @author alee
@@ -127,7 +134,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
      * @return info for the request submitted.
      * @throws EBaseException
      */
-    public KeyRequestInfo submitRequest(ArchivalRequestData data, UriInfo uriInfo) throws EBaseException {
+    public KeyRequestInfo submitRequest(KeyArchivalRequest data, UriInfo uriInfo) throws EBaseException {
         String clientId = data.getClientId();
         String wrappedSecurityData = data.getWrappedPrivateData();
         String dataType = data.getDataType();
@@ -158,7 +165,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
      * @return info on the recovery request created
      * @throws EBaseException
      */
-    public KeyRequestInfo submitRequest(RecoveryRequestData data, UriInfo uriInfo) throws EBaseException {
+    public KeyRequestInfo submitRequest(KeyRecoveryRequest data, UriInfo uriInfo) throws EBaseException {
         // set data using request.setExtData(field, data)
 
         String wrappedSessionKeyStr = data.getTransWrappedSessionKey();
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java b/base/common/src/com/netscape/cms/servlet/key/KeyService.java
index 560d7f9f8..4db2fed0a 100644
--- a/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/key/KeyService.java
@@ -36,31 +36,31 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
 import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.key.KeyData;
+import com.netscape.certsrv.key.KeyDataInfo;
+import com.netscape.certsrv.key.KeyDataInfos;
+import com.netscape.certsrv.key.KeyRecoveryRequest;
+import com.netscape.certsrv.key.KeyRequestInfo;
+import com.netscape.certsrv.key.KeyResource;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSResourceService;
-import com.netscape.cms.servlet.key.model.KeyData;
-import com.netscape.cms.servlet.key.model.KeyDataInfo;
-import com.netscape.cms.servlet.key.model.KeyDataInfos;
-import com.netscape.cms.servlet.request.model.KeyRequestDAO;
-import com.netscape.cms.servlet.request.model.KeyRequestInfo;
-import com.netscape.cms.servlet.request.model.RecoveryRequestData;
+import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cmsutil.ldap.LDAPUtil;
 
 /**
  * @author alee
  *
  */
-public class KeyResourceService extends CMSResourceService implements KeyResource{
+public class KeyService extends PKIService implements KeyResource{
 
     private IKeyRepository repo;
     private IKeyRecoveryAuthority kra;
     private IRequestQueue queue;
 
-    public KeyResourceService() {
+    public KeyService() {
         kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" );
         repo = kra.getKeyRepository();
         queue = kra.getRequestQueue();
@@ -71,7 +71,7 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc
      * @param data
      * @return
      */
-    public KeyData retrieveKey(RecoveryRequestData data) {
+    public KeyData retrieveKey(KeyRecoveryRequest data) {
         // auth and authz
         KeyId keyId = validateRequest(data);
         KeyData keyData;
@@ -90,11 +90,11 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc
 
     // retrieval - used to test integration with a browser
     public KeyData retrieveKey(MultivaluedMap<String, String> form) {
-        RecoveryRequestData data = new RecoveryRequestData(form);
+        KeyRecoveryRequest data = new KeyRecoveryRequest(form);
         return retrieveKey(data);
     }
 
-    public KeyData getKey(KeyId keyId, RecoveryRequestData data) throws EBaseException {
+    public KeyData getKey(KeyId keyId, KeyRecoveryRequest data) throws EBaseException {
         KeyData keyData;
 
         RequestId rId = data.getRequestId();
@@ -192,7 +192,7 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc
         return keyData;
     }
 
-    private KeyId validateRequest(RecoveryRequestData data) {
+    private KeyId validateRequest(KeyRecoveryRequest data) {
 
         // confirm request exists
         RequestId reqId = data.getRequestId();
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/PolicyConstraintFactory.java b/base/common/src/com/netscape/cms/servlet/profile/PolicyConstraintFactory.java
index bd361a752..6c1d92a72 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/PolicyConstraintFactory.java
+++ b/base/common/src/com/netscape/cms/servlet/profile/PolicyConstraintFactory.java
@@ -15,12 +15,14 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.cms.servlet.profile;
 
 import java.util.Enumeration;
 import java.util.Locale;
 
 import com.netscape.certsrv.profile.IPolicyConstraint;
+import com.netscape.certsrv.profile.PolicyConstraint;
+import com.netscape.certsrv.profile.PolicyConstraintValue;
 import com.netscape.certsrv.property.Descriptor;
 
 public class PolicyConstraintFactory {
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/PolicyDefaultFactory.java b/base/common/src/com/netscape/cms/servlet/profile/PolicyDefaultFactory.java
index 6b9379f0b..fe6b436ab 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/PolicyDefaultFactory.java
+++ b/base/common/src/com/netscape/cms/servlet/profile/PolicyDefaultFactory.java
@@ -15,13 +15,15 @@
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.cms.servlet.profile;
 
 import java.util.Enumeration;
 import java.util.Locale;
 
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.profile.IPolicyDefault;
+import com.netscape.certsrv.profile.PolicyDefault;
+import com.netscape.certsrv.profile.ProfileAttribute;
 import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.request.IRequest;
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileInputFactory.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileInputFactory.java
index 67d3e9a2c..f5a9e7556 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileInputFactory.java
+++ b/base/common/src/com/netscape/cms/servlet/profile/ProfileInputFactory.java
@@ -1,4 +1,4 @@
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.cms.servlet.profile;
 
 import java.util.Enumeration;
 import java.util.Locale;
@@ -6,6 +6,7 @@ import java.util.Locale;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.IProfileInput;
+import com.netscape.certsrv.profile.ProfileInput;
 import com.netscape.certsrv.request.IRequest;
 
 public class ProfileInputFactory {
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileOutputFactory.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileOutputFactory.java
index 93bbaa2c5..278acf488 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileOutputFactory.java
+++ b/base/common/src/com/netscape/cms/servlet/profile/ProfileOutputFactory.java
@@ -15,13 +15,15 @@
 //(C) 2012 Red Hat, Inc.
 //All rights reserved.
 //--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile.model;
+package com.netscape.cms.servlet.profile;
 
 import java.util.Enumeration;
 import java.util.Locale;
 
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.IProfileOutput;
+import com.netscape.certsrv.profile.ProfileAttribute;
+import com.netscape.certsrv.profile.ProfileOutput;
 import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.request.IRequest;
 
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
index 0f9f34144..dcde4b019 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
+++ b/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
@@ -29,10 +29,13 @@ import com.netscape.certsrv.authentication.EAuthException;
 import com.netscape.certsrv.authorization.EAuthzException;
 import com.netscape.certsrv.base.BadRequestDataException;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.cert.CertReviewResponse;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.profile.EDeferException;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.ERejectException;
+import com.netscape.certsrv.profile.ProfileAttribute;
+import com.netscape.certsrv.profile.ProfileOutput;
 import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.request.IRequest;
@@ -41,9 +44,6 @@ import com.netscape.certsrv.template.ArgSet;
 import com.netscape.certsrv.template.ArgString;
 import com.netscape.cms.servlet.cert.RequestProcessor;
 import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.profile.model.ProfileAttribute;
-import com.netscape.cms.servlet.profile.model.ProfileOutput;
-import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData;
 
 /**
  * This servlet approves profile-based request.
@@ -103,7 +103,7 @@ public class ProfileProcessServlet extends ProfileServlet {
         // set request in cmsReq for later retrieval
         cmsReq.setIRequest(req);
 
-        AgentEnrollmentRequestData data = null;
+        CertReviewResponse data = null;
         try {
             data = processor.processRequest(cmsReq, req, op);
         } catch (EAuthException e) {
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileResourceService.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileService.java
index c39125876..2b790b8cb 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/profile/ProfileService.java
@@ -32,17 +32,19 @@ import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.IProfile;
 import com.netscape.certsrv.profile.IProfileInput;
 import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.cms.servlet.base.CMSResourceService;
-import com.netscape.cms.servlet.profile.model.ProfileData;
-import com.netscape.cms.servlet.profile.model.ProfileDataInfo;
-import com.netscape.cms.servlet.profile.model.ProfileDataInfos;
-import com.netscape.cms.servlet.profile.model.ProfileInput;
+import com.netscape.certsrv.profile.ProfileData;
+import com.netscape.certsrv.profile.ProfileDataInfo;
+import com.netscape.certsrv.profile.ProfileDataInfos;
+import com.netscape.certsrv.profile.ProfileInput;
+import com.netscape.certsrv.profile.ProfileNotFoundException;
+import com.netscape.certsrv.profile.ProfileResource;
+import com.netscape.cms.servlet.base.PKIService;
 
 /**
  * @author alee
  *
  */
-public class ProfileResourceService extends CMSResourceService implements ProfileResource {
+public class ProfileService extends PKIService implements ProfileResource {
 
     private IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(IProfileSubsystem.ID);
 
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestDAO.java b/base/common/src/com/netscape/cms/servlet/request/CMSRequestDAO.java
index 5ac984168..f7c9f7aae 100644
--- a/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestDAO.java
+++ b/base/common/src/com/netscape/cms/servlet/request/CMSRequestDAO.java
@@ -15,7 +15,7 @@
 // (C) 2011 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request.model;
+package com.netscape.cms.servlet.request;
 
 import java.net.URI;
 import java.util.ArrayList;
@@ -28,12 +28,14 @@ import javax.ws.rs.core.UriInfo;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.Link;
+import com.netscape.certsrv.request.CMSRequestInfo;
+import com.netscape.certsrv.request.CMSRequestInfos;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestList;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.IRequestVirtualList;
 import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.servlet.base.model.Link;
 
 /**
  * @author alee
@@ -161,6 +163,6 @@ public abstract class CMSRequestDAO {
         return false;
     }
 
-    abstract  CMSRequestInfo createCMSRequestInfo(IRequest request, UriInfo uriInfo);
+    protected abstract CMSRequestInfo createCMSRequestInfo(IRequest request, UriInfo uriInfo);
 }
 
diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestResourceService.java b/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java
index d107e2191..a8099003f 100644
--- a/base/common/src/com/netscape/cms/servlet/request/CertRequestResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java
@@ -26,27 +26,29 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.EAuthException;
 import com.netscape.certsrv.authorization.EAuthzException;
 import com.netscape.certsrv.base.BadRequestDataException;
+import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.cert.CertEnrollmentRequest;
+import com.netscape.certsrv.cert.CertRequestInfo;
+import com.netscape.certsrv.cert.CertRequestInfos;
+import com.netscape.certsrv.cert.CertRequestResource;
+import com.netscape.certsrv.cert.CertReviewResponse;
 import com.netscape.certsrv.profile.EDeferException;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.ERejectException;
 import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.servlet.base.BadRequestException;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.base.CMSResourceService;
-import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData;
-import com.netscape.cms.servlet.request.model.CertRequestDAO;
-import com.netscape.cms.servlet.request.model.CertRequestInfo;
-import com.netscape.cms.servlet.request.model.CertRequestInfos;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
+import com.netscape.certsrv.request.RequestNotFoundException;
+import com.netscape.cms.servlet.base.PKIService;
+import com.netscape.cms.servlet.cert.CertRequestDAO;
 import com.netscape.cmsutil.ldap.LDAPUtil;
 
 /**
  * @author alee
  *
  */
-public class CertRequestResourceService extends CMSResourceService implements CertRequestResource {
+public class CertRequestService extends PKIService implements CertRequestResource {
 
     /**
      * Used to retrieve key request info for a specific request
@@ -61,7 +63,7 @@ public class CertRequestResourceService extends CMSResourceService implements Ce
         } catch (EBaseException e) {
             // log error
             e.printStackTrace();
-            throw new CMSException("Error getting Cert request info!");
+            throw new PKIException("Error getting Cert request info!");
         }
 
         if (info == null) {
@@ -74,11 +76,11 @@ public class CertRequestResourceService extends CMSResourceService implements Ce
 
     // Enrollment - used to test integration with a browser
     public CertRequestInfos enrollCert(MultivaluedMap<String, String> form) {
-        EnrollmentRequestData data = new EnrollmentRequestData(form);
+        CertEnrollmentRequest data = new CertEnrollmentRequest(form);
         return enrollCert(data);
     }
 
-    public CertRequestInfos enrollCert(EnrollmentRequestData data) {
+    public CertRequestInfos enrollCert(CertEnrollmentRequest data) {
         CertRequestInfos infos;
         if (data == null) {
             throw new BadRequestException("Bad data input into CertRequestResourceService.enrollCert!");
@@ -89,49 +91,49 @@ public class CertRequestResourceService extends CMSResourceService implements Ce
             infos = dao.submitRequest(data, servletRequest, uriInfo, getLocale());
         } catch (EAuthException e) {
             CMS.debug("enrollCert: authentication failed: " + e);
-            throw new CMSException(Response.Status.UNAUTHORIZED, e.toString());
+            throw new PKIException(Response.Status.UNAUTHORIZED, e.toString());
         } catch (EAuthzException e) {
             CMS.debug("enrollCert: authorization failed: " + e);
-            throw new CMSException(Response.Status.UNAUTHORIZED, e.toString());
+            throw new PKIException(Response.Status.UNAUTHORIZED, e.toString());
         } catch (BadRequestDataException e) {
             CMS.debug("enrollCert: bad request data: " + e);
-            throw new CMSException(Response.Status.BAD_REQUEST, e.toString());
+            throw new PKIException(Response.Status.BAD_REQUEST, e.toString());
         } catch (EBaseException e) {
-            throw new CMSException(e.toString());
+            throw new PKIException(e.toString());
         }
 
         return infos;
     }
 
-    public void approveRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void approveRequest(RequestId id, CertReviewResponse data) {
         changeRequestState(id, data, "approve");
     }
 
-    public void rejectRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void rejectRequest(RequestId id, CertReviewResponse data) {
         changeRequestState(id, data, "reject");
     }
 
-    public void cancelRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void cancelRequest(RequestId id, CertReviewResponse data) {
         changeRequestState(id, data, "cancel");
     }
 
-    public void updateRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void updateRequest(RequestId id, CertReviewResponse data) {
         changeRequestState(id, data, "update");
     }
 
-    public void validateRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void validateRequest(RequestId id, CertReviewResponse data) {
         changeRequestState(id, data, "validate");
     }
 
-    public void unassignRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void unassignRequest(RequestId id, CertReviewResponse data) {
         changeRequestState(id, data, "unassign");
     }
 
-    public void assignRequest(RequestId id, AgentEnrollmentRequestData data) {
+    public void assignRequest(RequestId id, CertReviewResponse data) {
         changeRequestState(id, data, "assign");
     }
 
-    public void changeRequestState(RequestId id, AgentEnrollmentRequestData data, String op) {
+    public void changeRequestState(RequestId id, CertReviewResponse data, String op) {
         if (id == null) {
             throw new BadRequestException("Bad data input in CertRequestResourceService. op:" + op);
         }
@@ -140,36 +142,36 @@ public class CertRequestResourceService extends CMSResourceService implements Ce
             dao.changeRequestState(id, servletRequest, data, getLocale(), op);
         } catch (ERejectException e) {
             CMS.debug("changeRequestState: execution rejected " + e);
-            throw new CMSException(Response.Status.BAD_REQUEST,
+            throw new PKIException(Response.Status.BAD_REQUEST,
                     CMS.getUserMessage(getLocale(), "CMS_PROFILE_REJECTED", e.toString()));
         } catch (EDeferException e) {
             CMS.debug("changeRequestState: execution defered " + e);
             // TODO do we throw an exception here?
-            throw new CMSException(Response.Status.BAD_REQUEST,
+            throw new PKIException(Response.Status.BAD_REQUEST,
                     CMS.getUserMessage(getLocale(), "CMS_PROFILE_DEFERRED", e.toString()));
         } catch (BadRequestDataException e) {
             CMS.debug("changeRequestState: bad request data: " + e);
-            throw new CMSException(Response.Status.BAD_REQUEST, e.toString());
+            throw new PKIException(Response.Status.BAD_REQUEST, e.toString());
         } catch (EPropertyException e) {
             CMS.debug("changeRequestState: execution error " + e);
-            throw new CMSException(CMS.getUserMessage(getLocale(),
+            throw new PKIException(CMS.getUserMessage(getLocale(),
                     "CMS_PROFILE_PROPERTY_ERROR", e.toString()));
         } catch (EProfileException e) {
             CMS.debug("ProfileProcessServlet: execution error " + e);
-            throw new CMSException(CMS.getUserMessage(getLocale(), "CMS_INTERNAL_ERROR"));
+            throw new PKIException(CMS.getUserMessage(getLocale(), "CMS_INTERNAL_ERROR"));
         } catch (EBaseException e) {
             e.printStackTrace();
-            throw new CMSException("Problem approving request in CertRequestResource.assignRequest! " + e);
+            throw new PKIException("Problem approving request in CertRequestResource.assignRequest! " + e);
         } catch (RequestNotFoundException e) {
             CMS.debug(e);
-            throw new CMSException(Response.Status.BAD_REQUEST,
+            throw new PKIException(Response.Status.BAD_REQUEST,
                     CMS.getUserMessage(getLocale(), "CMS_REQUEST_NOT_FOUND", id.toString()));
         }
     }
 
-    public AgentEnrollmentRequestData reviewRequest(@PathParam("id") RequestId id) {
+    public CertReviewResponse reviewRequest(@PathParam("id") RequestId id) {
      // auth and authz
-        AgentEnrollmentRequestData info;
+        CertReviewResponse info;
 
         CertRequestDAO dao = new CertRequestDAO();
         try {
@@ -177,7 +179,7 @@ public class CertRequestResourceService extends CMSResourceService implements Ce
         } catch (EBaseException e) {
             // log error
             e.printStackTrace();
-            throw new CMSException("Error getting Cert request info!");
+            throw new PKIException("Error getting Cert request info!");
         }
 
         if (info == null) {
@@ -211,7 +213,7 @@ public class CertRequestResourceService extends CMSResourceService implements Ce
         } catch (EBaseException e) {
             CMS.debug("listRequests: error in obtaining request results" + e);
             e.printStackTrace();
-            throw new CMSException("Error listing cert requests!");
+            throw new PKIException("Error listing cert requests!");
         }
         return requests;
     }
diff --git a/base/common/src/com/netscape/cms/servlet/request/KeyRequestResourceService.java b/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java
index d98938b7a..775c0ed28 100644
--- a/base/common/src/com/netscape/cms/servlet/request/KeyRequestResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java
@@ -24,21 +24,23 @@ import javax.ws.rs.core.Response;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.key.KeyArchivalRequest;
+import com.netscape.certsrv.key.KeyRecoveryRequest;
+import com.netscape.certsrv.key.KeyRequestInfo;
+import com.netscape.certsrv.key.KeyRequestInfos;
+import com.netscape.certsrv.key.KeyRequestResource;
 import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.base.CMSResourceService;
-import com.netscape.cms.servlet.request.model.ArchivalRequestData;
-import com.netscape.cms.servlet.request.model.KeyRequestDAO;
-import com.netscape.cms.servlet.request.model.KeyRequestInfo;
-import com.netscape.cms.servlet.request.model.KeyRequestInfos;
-import com.netscape.cms.servlet.request.model.RecoveryRequestData;
+import com.netscape.certsrv.request.RequestNotFoundException;
+import com.netscape.cms.servlet.base.PKIService;
+import com.netscape.cms.servlet.key.KeyRequestDAO;
 import com.netscape.cmsutil.ldap.LDAPUtil;
 
 /**
  * @author alee
  *
  */
-public class KeyRequestResourceService extends CMSResourceService implements KeyRequestResource {
+public class KeyRequestService extends PKIService implements KeyRequestResource {
 
     /**
      * Used to retrieve key request info for a specific request
@@ -52,7 +54,7 @@ public class KeyRequestResourceService extends CMSResourceService implements Key
         } catch (EBaseException e) {
             // log error
             e.printStackTrace();
-            throw new CMSException(e.getMessage(), e);
+            throw new PKIException(e.getMessage(), e);
         }
         if (info == null) {
             // request does not exist
@@ -63,11 +65,11 @@ public class KeyRequestResourceService extends CMSResourceService implements Key
 
     // Archiving - used to test integration with a browser
     public KeyRequestInfo archiveKey(MultivaluedMap<String, String> form) {
-        ArchivalRequestData data = new ArchivalRequestData(form);
+        KeyArchivalRequest data = new KeyArchivalRequest(form);
         return archiveKey(data);
     }
 
-    public KeyRequestInfo archiveKey(ArchivalRequestData data) {
+    public KeyRequestInfo archiveKey(KeyArchivalRequest data) {
         // auth and authz
         // Catch this before internal server processing has to deal with it
 
@@ -91,11 +93,11 @@ public class KeyRequestResourceService extends CMSResourceService implements Key
 
     //Recovery - used to test integration with a browser
     public KeyRequestInfo recoverKey(MultivaluedMap<String, String> form) {
-        RecoveryRequestData data = new RecoveryRequestData(form);
+        KeyRecoveryRequest data = new KeyRecoveryRequest(form);
         return recoverKey(data);
     }
 
-    public KeyRequestInfo recoverKey(RecoveryRequestData data) {
+    public KeyRequestInfo recoverKey(KeyRecoveryRequest data) {
         // auth and authz
 
         //Check for entirely illegal data combination here
diff --git a/base/common/test/CMakeLists.txt b/base/common/test/CMakeLists.txt
index 2f7b4fa4e..181c7530f 100644
--- a/base/common/test/CMakeLists.txt
+++ b/base/common/test/CMakeLists.txt
@@ -28,50 +28,24 @@ find_file(PKI_CMSBUNDLE_JAR
         ${JAVA_JAR_INSTALL_DIR}/pki
 )
 
-# TODO: create CMake function to find all Java files
-set(pki-common-test_SRCS
-    com/netscape/certsrv/app/CMSEngineDefaultStub.java
-    com/netscape/certsrv/authentication/AuthTokenTest.java
-    com/netscape/certsrv/logging/LoggerDefaultStub.java
-    com/netscape/certsrv/request/AgentApprovalsTest.java
-    com/netscape/cmscore/dbs/CertRecordListTest.java
-    com/netscape/cmscore/dbs/DBRegistryDefaultStub.java
-    com/netscape/cmscore/dbs/DBRegistryTest.java
-    com/netscape/cmscore/dbs/DBSSessionDefaultStub.java
-    com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java
-    com/netscape/cmscore/dbs/DBVirtualListDefaultStub.java
-    com/netscape/cmscore/dbs/RequestRecordDefaultStub.java
-    com/netscape/cmscore/request/DBDynAttrMapperDefaultStub.java
-    com/netscape/cmscore/request/ExtAttrDynMapperTest.java
-    com/netscape/cmscore/request/ExtDataHashtableTest.java
-    com/netscape/cmscore/request/RequestDefaultStub.java
-    com/netscape/cmscore/request/RequestModDefaultStub.java
-    com/netscape/cmscore/request/RequestQueueTest.java
-    com/netscape/cmscore/request/RequestRecordTest.java
-    com/netscape/cmscore/request/RequestTest.java
-    com/netscape/cmscore/test/CMSBaseTestCase.java
-    com/netscape/cmscore/test/TestHelper.java
-)
-
-set(CMAKE_JAVA_INCLUDE_PATH
-    ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
-    ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR} ${PKI_CMSBUNDLE_JAR}
-    ${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR} ${XALAN_JAR} ${XERCES_JAR}
-    ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR}
-    ${PKI_TEST_JAR} ${JUNIT_JAR}
-)
-
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
-
-# build test jar file
-# TODO: create CMake function to compile without building jar file
+# build pki-common-test
 # TODO: build test only when the test is invoked
-set(CMAKE_JAR_CLASSES_PREFIX com/netscape)
-add_jar(pki-common-test ${pki-common-test_SRCS})
-add_dependencies(pki-common-test
-    pki-nsutil pki-cmsutil
-    pki-certsrv pki-cms pki-cmscore pki-cmsbundle
-    pki-test
+javac(pki-common-test-classes
+    SOURCES
+        com/netscape/certsrv/*.java
+        com/netscape/cmscore/*.java
+    CLASSPATH
+        ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
+        ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR} ${PKI_CMSBUNDLE_JAR}
+        ${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR} ${XALAN_JAR} ${XERCES_JAR}
+        ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR} ${JUNIT_JAR}
+        ${CMAKE_BINARY_DIR}/test/classes
+    OUTPUT_DIR
+        ${CMAKE_BINARY_DIR}/test/classes
+    DEPENDS
+        pki-test-classes
+        pki-nsutil pki-cmsutil
+        pki-certsrv pki-cms pki-cmscore pki-cmsbundle
 )
 
 # create test target
@@ -79,12 +53,11 @@ add_dependencies(pki-common-test
 # TODO: create CMake function to find all JUnit test classes
 add_junit_test(test-pki-common
     CLASSPATH
-        ${pki-common-test_JAR_FILE}
         ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
         ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR} ${PKI_CMSBUNDLE_JAR}
         ${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR}
-        ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR}
-        ${PKI_TEST_JAR} ${JUNIT_JAR}
+        ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR} ${JUNIT_JAR}
+        ${CMAKE_BINARY_DIR}/test/classes
     TESTS
         com.netscape.certsrv.authentication.AuthTokenTest
         com.netscape.certsrv.request.AgentApprovalsTest
diff --git a/base/deploy/src/scriptlets/configuration.jy b/base/deploy/src/scriptlets/configuration.jy
index 290a2cc65..7433ae463 100644
--- a/base/deploy/src/scriptlets/configuration.jy
+++ b/base/deploy/src/scriptlets/configuration.jy
@@ -17,7 +17,7 @@ from java.lang import System as javasystem
 
 
 # PKI Java Imports
-from com.netscape.cms.client.cli import ClientConfig
+from com.netscape.cms.client import ClientConfig
 
 
 def main(argv):
diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py
index 5adc7e022..503e687d0 100644
--- a/base/deploy/src/scriptlets/pkijython.py
+++ b/base/deploy/src/scriptlets/pkijython.py
@@ -96,7 +96,8 @@ jarLoad.addFile("/usr/share/java/resteasy/resteasy-jaxrs.jar")
 jarLoad.addFile("/usr/share/java/resteasy/resteasy-jettison-provider.jar")
 jarLoad.addFile("/usr/share/java/scannotation.jar")
 #     PKI Jars
-jarLoad.addFile("/usr/share/java/pki/pki-cms.jar")
+jarLoad.addFile("/usr/share/java/pki/pki-certsrv.jar")
+jarLoad.addFile("/usr/share/java/pki/pki-client.jar")
 jarLoad.addFile("/usr/share/java/pki/pki-cmsutil.jar")
 jarLoad.addFile("/usr/share/java/pki/pki-nsutil.jar")
 #     JSS JNI Jars
@@ -140,10 +141,10 @@ from org.mozilla.jss.util import Password
 
 
 # PKI Java Imports
-from com.netscape.cms.servlet.csadmin import ConfigurationRESTClient
-from com.netscape.cms.servlet.csadmin.model import CertData
-from com.netscape.cms.servlet.csadmin.model import ConfigurationData
-from com.netscape.cms.servlet.csadmin.model import ConfigurationResponseData
+from com.netscape.cms.client.system import SystemConfigClient
+from com.netscape.certsrv.system import SystemCertData
+from com.netscape.certsrv.system import ConfigurationRequest
+from com.netscape.certsrv.system import ConfigurationResponse
 from com.netscape.cmsutil.util import Utils
 from netscape.security.x509 import X500Name
 
@@ -262,7 +263,7 @@ class rest_client:
                        log.PKI_JYTHON_INITIALIZING_REST_CLIENT,
                        client_config.serverURI)
             if not pki_dry_run_flag:
-                self.client = ConfigurationRESTClient(client_config)
+                self.client = SystemConfigClient(client_config)
             return self.client
         except URISyntaxException, e:
             e.printStackTrace()
@@ -276,10 +277,10 @@ class rest_client:
                    log.PKI_JYTHON_CONSTRUCTING_PKI_DATA,
                    master['pki_subsystem'])
         if not master['pki_dry_run_flag']:
-            data = ConfigurationData()
+            data = ConfigurationRequest()
             # Miscellaneous Configuration Information
             data.setPin(sensitive['pki_one_time_pin'])
-            data.setToken(ConfigurationData.TOKEN_DEFAULT)
+            data.setToken(ConfigurationRequest.TOKEN_DEFAULT)
             if master['pki_instance_type'] == "Tomcat":
                 data.setSubsystemName(master['pki_subsystem_name'])
                 if master['pki_subsystem'] == "CA":
@@ -347,7 +348,7 @@ class rest_client:
                 # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or
                 # Subordinate CA
                 data.setSecurityDomainType(
-                    ConfigurationData.EXISTING_DOMAIN)
+                    ConfigurationRequest.EXISTING_DOMAIN)
                 data.setSecurityDomainUri(
                     master['pki_security_domain_uri'])
                 data.setSecurityDomainUser(
@@ -357,7 +358,7 @@ class rest_client:
             elif not config.str2bool(master['pki_external']):
                 # PKI CA
                 data.setSecurityDomainType(
-                    ConfigurationData.NEW_DOMAIN)
+                    ConfigurationRequest.NEW_DOMAIN)
                 data.setSecurityDomainName(
                     master['pki_security_domain_name'])
             # Directory Server Information
@@ -428,7 +429,7 @@ class rest_client:
                 if not config.str2bool(master['pki_clone']):
                     if master['pki_subsystem'] == "CA":
                         # External CA, Subordinate CA, or PKI CA
-                        cert1 = CertData()
+                        cert1 = SystemCertData()
                         cert1.setTag(master['pki_ca_signing_tag'])
                         cert1.setKeyAlgorithm(
                             master['pki_ca_signing_key_algorithm'])
@@ -446,7 +447,7 @@ class rest_client:
                     if master['pki_subsystem'] == "CA" or\
                        master['pki_subsystem'] == "OCSP":
                         # External CA, Subordinate CA, PKI CA, or PKI OCSP
-                        cert2 = CertData()
+                        cert2 = SystemCertData()
                         cert2.setTag(master['pki_ocsp_signing_tag'])
                         cert2.setKeyAlgorithm(
                             master['pki_ocsp_signing_key_algorithm'])
@@ -464,7 +465,7 @@ class rest_client:
             #     PKI CA, PKI KRA, PKI OCSP, PKI TKS,
             #     PKI CA CLONE, PKI KRA CLONE, PKI OCSP CLONE, PKI TKS CLONE,
             #     External CA, or Subordinate CA
-            cert3 = CertData()
+            cert3 = SystemCertData()
             cert3.setTag(master['pki_ssl_server_tag'])
             cert3.setKeyAlgorithm(master['pki_ssl_server_key_algorithm'])
             cert3.setKeySize(master['pki_ssl_server_key_size'])
@@ -476,7 +477,7 @@ class rest_client:
             # Create 'Subsystem Certificate'
             if master['pki_instance_type'] == "Apache":
                 # PKI RA or PKI TPS
-                cert4 = CertData()
+                cert4 = SystemCertData()
                 cert4.setTag(master['pki_subsystem_tag'])
                 cert4.setKeyAlgorithm(master['pki_subsystem_key_algorithm'])
                 cert4.setKeySize(master['pki_subsystem_key_size'])
@@ -489,7 +490,7 @@ class rest_client:
                 if not config.str2bool(master['pki_clone']):
                     # PKI CA, PKI KRA, PKI OCSP, PKI TKS,
                     # External CA, or Subordinate CA
-                    cert4 = CertData()
+                    cert4 = SystemCertData()
                     cert4.setTag(master['pki_subsystem_tag'])
                     cert4.setKeyAlgorithm(master['pki_subsystem_key_algorithm'])
                     cert4.setKeySize(master['pki_subsystem_key_size'])
@@ -502,7 +503,7 @@ class rest_client:
             if master['pki_instance_type'] == "Apache":
                 if master['pki_subsystem'] != "RA":
                     # PKI TPS
-                    cert5 = CertData()
+                    cert5 = SystemCertData()
                     cert5.setTag(master['pki_audit_signing_tag'])
                     cert5.setKeyAlgorithm(
                         master['pki_audit_signing_key_algorithm'])
@@ -518,7 +519,7 @@ class rest_client:
                 if not config.str2bool(master['pki_clone']):
                     # PKI CA, PKI KRA, PKI OCSP, PKI TKS,
                     # External CA, or Subordinate CA
-                    cert5 = CertData()
+                    cert5 = SystemCertData()
                     cert5.setTag(master['pki_audit_signing_tag'])
                     cert5.setKeyAlgorithm(
                         master['pki_audit_signing_key_algorithm'])
@@ -535,7 +536,7 @@ class rest_client:
                 if not config.str2bool(master['pki_clone']):
                     if master['pki_subsystem'] == "KRA":
                         # PKI KRA
-                        cert6 = CertData()
+                        cert6 = SystemCertData()
                         cert6.setTag(master['pki_transport_tag'])
                         cert6.setKeyAlgorithm(
                             master['pki_transport_key_algorithm'])
@@ -552,7 +553,7 @@ class rest_client:
                 if not config.str2bool(master['pki_clone']):
                     if master['pki_subsystem'] == "KRA":
                         # PKI KRA
-                        cert7 = CertData()
+                        cert7 = SystemCertData()
                         cert7.setTag(master['pki_storage_tag'])
                         cert7.setKeyAlgorithm(
                             master['pki_storage_key_algorithm'])
diff --git a/base/java-tools/src/CMakeLists.txt b/base/java-tools/src/CMakeLists.txt
index e6152dcf9..8249a0086 100644
--- a/base/java-tools/src/CMakeLists.txt
+++ b/base/java-tools/src/CMakeLists.txt
@@ -31,59 +31,81 @@ find_file(XERCES_JAR
         /usr/share/java
 )
 
-set(pki-tools_java_SRCS
-    com/netscape/cmstools/PrettyPrintCrl.java
-    com/netscape/cmstools/BtoA.java
-    com/netscape/cmstools/PasswordCache.java
-    com/netscape/cmstools/OCSPClient.java
-    com/netscape/cmstools/PKCS12Export.java
-    com/netscape/cmstools/TestCRLSigning.java
-    com/netscape/cmstools/CRMFPopClient.java
-    com/netscape/cmstools/AuditVerify.java
-    com/netscape/cmstools/PrettyPrintCert.java
-    com/netscape/cmstools/HttpClient.java
-    com/netscape/cmstools/GenExtKeyUsage.java
-    com/netscape/cmstools/CMCRevoke.java
-    com/netscape/cmstools/TokenInfo.java
-    com/netscape/cmstools/CMCEnroll.java
-    com/netscape/cmstools/ExtJoiner.java
-    com/netscape/cmstools/CMCRequest.java
-    com/netscape/cmstools/AtoB.java
-    com/netscape/cmstools/GenIssuerAltNameExt.java
-    com/netscape/cmstools/GenSubjectAltNameExt.java
-    com/netscape/cmstools/CMCResponse.java
-    com/netscape/cmstools/PKCS10Client.java
-    com/netscape/cmstools/DRMTool.java
+# build pki-tools
+javac(pki-tools-classes
+    SOURCES
+        com/netscape/cmstools/*.java
+    CLASSPATH
+        ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
+        ${XALAN_JAR} ${XERCES_JAR}
+        ${JSS_JAR} ${COMMONS_CODEC_JAR}
+    OUTPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    DEPENDS
+        pki-nsutil pki-cmsutil
 )
 
-set(CMAKE_JAVA_INCLUDE_PATH
-    ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
-    ${XALAN_JAR} ${XERCES_JAR}
-    ${JSS_JAR} ${COMMONS_CODEC_JAR})
+jar(pki-tools-jar
+    CREATE
+        ${CMAKE_BINARY_DIR}/dist/pki-tools-${APPLICATION_VERSION}.jar
+    INPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    FILES
+        com/netscape/cmstools/*.class
+    DEPENDS
+        pki-tools-classes
+)
 
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
+link(pki-tools
+    SOURCE
+        ${CMAKE_BINARY_DIR}/dist/pki-tools.jar
+    DEST
+        pki-tools-${APPLICATION_VERSION}.jar
+    DEPENDS
+        pki-tools-jar
+)
+
+install(
+    FILES
+        ${CMAKE_BINARY_DIR}/dist/pki-tools.jar
+        ${CMAKE_BINARY_DIR}/dist/pki-tools-${APPLICATION_VERSION}.jar
+    DESTINATION
+        ${JAVA_JAR_INSTALL_DIR}/pki
+)
 
-# build pki-tools
-add_jar(pki-tools ${pki-tools_java_SRCS})
-add_dependencies(pki-tools pki-nsutil pki-cmsutil)
 install(
     FILES
         com/netscape/cmstools/DRMTool.cfg
     DESTINATION
-        ${SHARE_INSTALL_PREFIX}/pki/java-tools/
+        ${SHARE_INSTALL_PREFIX}/pki/java-tools
 )
-install_jar(pki-tools ${JAVA_JAR_INSTALL_DIR}/pki)
-set(PKI_TOOLS_JAR ${pki-tools_JAR_FILE} CACHE INTERNAL "pki-tools jar file")
+
+set(PKI_TOOLS_JAR ${CMAKE_BINARY_DIR}/dist/pki-tools.jar CACHE INTERNAL "pki-tools jar file")
 
 if(WITH_JAVADOC)
-    create_javadoc(pki-java-tools-${APPLICATION_VERSION}
-        FILES ${pki-tools_java_SRCS}
-        CLASSPATH ${CMAKE_JAVA_INCLUDE_PATH}
-        WINDOWTITLE "pki-java-tools"
-        DOCTITLE "<h1>pki-java-tools</h1>"
-        AUTHOR TRUE
-        USE TRUE
-        VERSION TRUE
+    javadoc(pki-tools-javadoc
+        DEST
+            ${CMAKE_CURRENT_BINARY_DIR}/javadoc/pki-java-tools-${APPLICATION_VERSION}
+        SUBPACKAGES
+            com.netscape.cmstools
+        CLASSPATH
+            ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
+            ${XALAN_JAR} ${XERCES_JAR}
+            ${JSS_JAR} ${COMMONS_CODEC_JAR}
+        OPTIONS
+            -windowtitle 'pki-java-tools'
+            -doctitle '<h1>pki-java-tools</h1>'
+            -author
+            -use
+            -version
+        DEPENDS
+            pki-tools
+    )
+
+    install(
+        FILES
+            ${CMAKE_CURRENT_BINARY_DIR}/javadoc/pki-java-tools-${APPLICATION_VERSION}
+        DESTINATION
+            ${CMAKE_INSTALL_PREFIX}/share/javadoc
     )
-    add_dependencies(pki-java-tools-${APPLICATION_VERSION}_javadoc pki-tools)
 endif(WITH_JAVADOC)
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
index 62cdfe992..7035803ab 100644
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
+++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
@@ -38,14 +38,15 @@ import org.mozilla.jss.crypto.SymmetricKey;
 import org.mozilla.jss.util.Password;
 
 import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.key.KeyData;
+import com.netscape.certsrv.key.KeyDataInfo;
+import com.netscape.certsrv.key.KeyRequestInfo;
+import com.netscape.certsrv.key.KeyRequestResource;
 import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.base.CMSResourceService;
-import com.netscape.cms.servlet.key.model.KeyData;
-import com.netscape.cms.servlet.key.model.KeyDataInfo;
-import com.netscape.cms.servlet.request.KeyRequestResource;
-import com.netscape.cms.servlet.request.RequestNotFoundException;
-import com.netscape.cms.servlet.request.model.KeyRequestInfo;
+import com.netscape.certsrv.request.RequestNotFoundException;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.kra.DRMClient;
+import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.cmsutil.util.Utils;
 
@@ -194,13 +195,13 @@ public class DRMTest {
         // Set base URI and get client
 
 
-        DRMRestClient client;
+        DRMClient client;
         try {
             ClientConfig config = new ClientConfig();
             config.setServerURI(protocol + "://" + host + ":" + port + "/kra");
             config.setCertNickname(clientCertNickname);
 
-            client = new DRMRestClient(config);
+            client = new DRMClient(config);
 
         } catch (Exception e) {
             e.printStackTrace();
@@ -209,8 +210,8 @@ public class DRMTest {
 
         // Test 1: Get transport certificate from DRM
         transportCert = client.getTransportCert();
-        transportCert = transportCert.substring(CMSResourceService.HEADER.length(),
-                                                transportCert.indexOf(CMSResourceService.TRAILER));
+        transportCert = transportCert.substring(PKIService.HEADER.length(),
+                                                transportCert.indexOf(PKIService.TRAILER));
 
         log("Transport Cert retrieved from DRM: " + transportCert);
 
diff --git a/base/kra/src/CMakeLists.txt b/base/kra/src/CMakeLists.txt
index 71056ffa6..5f5e3f016 100644
--- a/base/kra/src/CMakeLists.txt
+++ b/base/kra/src/CMakeLists.txt
@@ -76,41 +76,47 @@ find_file(SYMKEY_JAR
 )
 
 
-# identify java sources
-set(pki-kra_java_SRCS
-    com/netscape/kra/KeyRecoveryAuthority.java
-    com/netscape/kra/KeyRecoveryAuthorityApplication.java
-    com/netscape/kra/EnrollmentService.java
-    com/netscape/kra/RecoveryService.java
-    com/netscape/kra/SecurityDataRecoveryService.java
-    com/netscape/kra/TokenKeyRecoveryService.java
-    com/netscape/kra/EncryptionUnit.java
-    com/netscape/kra/KRAService.java
-    com/netscape/kra/NetkeyKeygenService.java
-    com/netscape/kra/SecurityDataService.java
-    com/netscape/kra/KRANotify.java
-    com/netscape/kra/KRAPolicy.java
-    com/netscape/kra/TransportKeyUnit.java
-    com/netscape/kra/StorageKeyUnit.java
-    com/netscape/kra/ArchiveOptions.java
+# build pki-kra
+javac(pki-kra-classes
+    SOURCES
+        com/netscape/kra/*.java
+    CLASSPATH
+        ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
+        ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
+        ${LDAPJDK_JAR} ${JAXRS_API_JAR}
+        ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR}
+    OUTPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    DEPENDS
+        symkey pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-cmscore
 )
 
+jar(pki-kra-jar
+    CREATE
+        ${CMAKE_BINARY_DIR}/dist/pki-kra-${APPLICATION_VERSION}.jar
+    INPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    FILES
+        com/netscape/kra/*.class
+    DEPENDS
+        pki-kra-classes
+)
 
-# set classpath
-set(CMAKE_JAVA_INCLUDE_PATH
-    ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
-    ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
-    ${LDAPJDK_JAR} ${JAXRS_API_JAR}
-    ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR})
-
-
-# set version
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
-
+link(pki-kra
+    SOURCE
+        ${CMAKE_BINARY_DIR}/dist/pki-kra.jar
+    DEST
+        pki-kra-${APPLICATION_VERSION}.jar
+    DEPENDS
+        pki-kra-jar
+)
 
-# build pki-kra.jar
-add_jar(pki-kra ${pki-kra_java_SRCS})
-add_dependencies(pki-kra symkey pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-cmscore)
-install_jar(pki-kra ${JAVA_JAR_INSTALL_DIR}/pki)
-set(PKI_KRA_JAR ${pki-kra_JAR_FILE} CACHE INTERNAL "pki-kra jar file")
+install(
+    FILES
+        ${CMAKE_BINARY_DIR}/dist/pki-kra.jar
+        ${CMAKE_BINARY_DIR}/dist/pki-kra-${APPLICATION_VERSION}.jar
+    DESTINATION
+        ${JAVA_JAR_INSTALL_DIR}/pki
+)
 
+set(PKI_KRA_JAR ${CMAKE_BINARY_DIR}/dist/pki-kra.jar CACHE INTERNAL "pki-kra jar file")
diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java
index 612b0ff18..f972fe4b5 100644
--- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java
+++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java
@@ -5,15 +5,15 @@ import java.util.Set;
 
 import javax.ws.rs.core.Application;
 
-import com.netscape.cms.servlet.admin.GroupMemberResourceService;
-import com.netscape.cms.servlet.admin.GroupResourceService;
-import com.netscape.cms.servlet.admin.SystemCertificateResourceService;
-import com.netscape.cms.servlet.admin.UserCertResourceService;
-import com.netscape.cms.servlet.admin.UserResourceService;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.csadmin.SystemConfigurationResourceService;
-import com.netscape.cms.servlet.key.KeyResourceService;
-import com.netscape.cms.servlet.request.KeyRequestResourceService;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.cms.servlet.admin.GroupMemberService;
+import com.netscape.cms.servlet.admin.GroupService;
+import com.netscape.cms.servlet.admin.SystemCertService;
+import com.netscape.cms.servlet.admin.UserCertService;
+import com.netscape.cms.servlet.admin.UserService;
+import com.netscape.cms.servlet.csadmin.SystemConfigService;
+import com.netscape.cms.servlet.key.KeyService;
+import com.netscape.cms.servlet.request.KeyRequestService;
 
 public class KeyRecoveryAuthorityApplication extends Application {
 
@@ -22,23 +22,23 @@ public class KeyRecoveryAuthorityApplication extends Application {
 
     public KeyRecoveryAuthorityApplication() {
         // installer
-        classes.add(SystemConfigurationResourceService.class);
+        classes.add(SystemConfigService.class);
 
         // keys and keyrequests
-        classes.add(KeyResourceService.class);
-        classes.add(KeyRequestResourceService.class);
+        classes.add(KeyService.class);
+        classes.add(KeyRequestService.class);
 
         // user and group management
-        classes.add(GroupMemberResourceService.class);
-        classes.add(GroupResourceService.class);
-        classes.add(UserCertResourceService.class);
-        classes.add(UserResourceService.class);
+        classes.add(GroupMemberService.class);
+        classes.add(GroupService.class);
+        classes.add(UserCertService.class);
+        classes.add(UserService.class);
 
         // system certs
-        classes.add(SystemCertificateResourceService.class);
+        classes.add(SystemCertService.class);
 
         // exception mapper
-        classes.add(CMSException.Mapper.class);
+        classes.add(PKIException.Mapper.class);
 
     }
 
diff --git a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
index 527548381..afe4ed6ea 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
@@ -54,13 +54,13 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
+import com.netscape.certsrv.key.KeyRequestResource;
 import com.netscape.certsrv.kra.EKRAException;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IService;
 import com.netscape.certsrv.security.IStorageKeyUnit;
 import com.netscape.certsrv.security.ITransportKeyUnit;
-import com.netscape.cms.servlet.request.KeyRequestResource;
 import com.netscape.cmscore.dbs.KeyRecord;
 import com.netscape.cmsutil.util.Utils;
 
diff --git a/base/kra/src/com/netscape/kra/SecurityDataService.java b/base/kra/src/com/netscape/kra/SecurityDataService.java
index fa009dac9..8a5886fa5 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataService.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataService.java
@@ -19,6 +19,8 @@ package com.netscape.kra;
 
 import java.math.BigInteger;
 import org.mozilla.jss.crypto.SymmetricKey;
+
+import com.netscape.certsrv.key.KeyRequestResource;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.profile.IEnrollProfile;
@@ -30,7 +32,6 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
 import com.netscape.certsrv.apps.CMS;
-import com.netscape.cms.servlet.request.KeyRequestResource;
 import com.netscape.cmscore.dbs.KeyRecord;
 import com.netscape.cmsutil.util.Utils;
 
diff --git a/base/ocsp/src/CMakeLists.txt b/base/ocsp/src/CMakeLists.txt
index 932b4d234..34b1ec4c2 100644
--- a/base/ocsp/src/CMakeLists.txt
+++ b/base/ocsp/src/CMakeLists.txt
@@ -76,31 +76,47 @@ find_file(SYMKEY_JAR
 )
 
 
-# identify java sources
-set(pki-ocsp_java_SRCS
-    com/netscape/ocsp/OCSPResources.java
-    com/netscape/ocsp/OCSPAuthority.java
-    com/netscape/ocsp/OCSPApplication.java
-    com/netscape/ocsp/SigningUnit.java
-    com/netscape/ocsp/EOCSPException.java
+# build pki-ocsp
+javac(pki-ocsp-classes
+    SOURCES
+        com/netscape/ocsp/*.java
+    CLASSPATH
+        ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
+        ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
+        ${LDAPJDK_JAR} ${JAXRS_API_JAR}
+        ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR}
+    OUTPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    DEPENDS
+        symkey pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-cmscore
 )
 
+jar(pki-ocsp-jar
+    CREATE
+        ${CMAKE_BINARY_DIR}/dist/pki-ocsp-${APPLICATION_VERSION}.jar
+    INPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    FILES
+        com/netscape/ocsp/*.class
+    DEPENDS
+        pki-ocsp-classes
+)
 
-# set classpath
-set(CMAKE_JAVA_INCLUDE_PATH
-    ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
-    ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
-    ${LDAPJDK_JAR} ${JAXRS_API_JAR}
-    ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR})
-
-
-# set version
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
-
+link(pki-ocsp
+    SOURCE
+        ${CMAKE_BINARY_DIR}/dist/pki-ocsp.jar
+    DEST
+        pki-ocsp-${APPLICATION_VERSION}.jar
+    DEPENDS
+        pki-ocsp-jar
+)
 
-# build pki-ocsp.jar
-add_jar(pki-ocsp ${pki-ocsp_java_SRCS})
-add_dependencies(pki-ocsp symkey pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-cmscore)
-install_jar(pki-ocsp ${JAVA_JAR_INSTALL_DIR}/pki)
-set(PKI_OCSP_JAR ${pki-ocsp_JAR_FILE} CACHE INTERNAL "pki-ocsp jar file")
+install(
+    FILES
+        ${CMAKE_BINARY_DIR}/dist/pki-ocsp.jar
+        ${CMAKE_BINARY_DIR}/dist/pki-ocsp-${APPLICATION_VERSION}.jar
+    DESTINATION
+        ${JAVA_JAR_INSTALL_DIR}/pki
+)
 
+set(PKI_OCSP_JAR ${CMAKE_BINARY_DIR}/dist/pki-ocsp.jar CACHE INTERNAL "pki-ocsp jar file")
diff --git a/base/ocsp/src/com/netscape/ocsp/OCSPApplication.java b/base/ocsp/src/com/netscape/ocsp/OCSPApplication.java
index 5e70fe49f..498aa63ab 100644
--- a/base/ocsp/src/com/netscape/ocsp/OCSPApplication.java
+++ b/base/ocsp/src/com/netscape/ocsp/OCSPApplication.java
@@ -5,13 +5,13 @@ import java.util.Set;
 
 import javax.ws.rs.core.Application;
 
-import com.netscape.cms.servlet.admin.GroupMemberResourceService;
-import com.netscape.cms.servlet.admin.GroupResourceService;
-import com.netscape.cms.servlet.admin.SystemCertificateResourceService;
-import com.netscape.cms.servlet.admin.UserCertResourceService;
-import com.netscape.cms.servlet.admin.UserResourceService;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.csadmin.SystemConfigurationResourceService;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.cms.servlet.admin.GroupMemberService;
+import com.netscape.cms.servlet.admin.GroupService;
+import com.netscape.cms.servlet.admin.SystemCertService;
+import com.netscape.cms.servlet.admin.UserCertService;
+import com.netscape.cms.servlet.admin.UserService;
+import com.netscape.cms.servlet.csadmin.SystemConfigService;
 
 public class OCSPApplication extends Application {
 
@@ -20,19 +20,19 @@ public class OCSPApplication extends Application {
 
     public OCSPApplication() {
         // installer
-        classes.add(SystemConfigurationResourceService.class);
+        classes.add(SystemConfigService.class);
 
         // user and group management
-        classes.add(GroupMemberResourceService.class);
-        classes.add(GroupResourceService.class);
-        classes.add(UserCertResourceService.class);
-        classes.add(UserResourceService.class);
+        classes.add(GroupMemberService.class);
+        classes.add(GroupService.class);
+        classes.add(UserCertService.class);
+        classes.add(UserService.class);
 
         // system certs
-        classes.add(SystemCertificateResourceService.class);
+        classes.add(SystemCertService.class);
 
         // exception mapper
-        classes.add(CMSException.Mapper.class);
+        classes.add(PKIException.Mapper.class);
     }
 
     public Set<Class<?>> getClasses() {
diff --git a/base/setup/pki b/base/setup/pki
index 90c863f35..598d8f310 100755
--- a/base/setup/pki
+++ b/base/setup/pki
@@ -72,7 +72,7 @@ if( $ARCHITECTURE eq "i386" ) {
 ###############################################################################
 
 $ENV{CLASSPATH} = "/usr/share/java/${PRODUCT}/pki-certsrv.jar:"
-                . "/usr/share/java/${PRODUCT}/pki-cms.jar:"
+                . "/usr/share/java/${PRODUCT}/pki-client.jar:"
                 . "/usr/share/java/${PRODUCT}/pki-nsutil.jar:"
                 . "/usr/share/java/apache-commons-cli.jar:"
                 . "/usr/share/java/apache-commons-codec.jar:"
diff --git a/base/silent/src/CMakeLists.txt b/base/silent/src/CMakeLists.txt
index a3e6034f8..0240439ce 100644
--- a/base/silent/src/CMakeLists.txt
+++ b/base/silent/src/CMakeLists.txt
@@ -24,59 +24,50 @@ find_file(XERCES_JAR
         /usr/share/java
 )
 
-set(pki-silent_java_SRCS
-     com/netscape/pkisilent/ConfigureTKS.java
-     com/netscape/pkisilent/ConfigureCA.java
-     com/netscape/pkisilent/argparser/CharHolder.java
-     com/netscape/pkisilent/argparser/ArgParseException.java
-     com/netscape/pkisilent/argparser/StringHolder.java
-     com/netscape/pkisilent/argparser/SimpleExample.java
-     com/netscape/pkisilent/argparser/ArgParser.java
-     com/netscape/pkisilent/argparser/DoubleHolder.java
-     com/netscape/pkisilent/argparser/ObjectHolder.java
-     com/netscape/pkisilent/argparser/FloatHolder.java
-     com/netscape/pkisilent/argparser/BooleanHolder.java
-     com/netscape/pkisilent/argparser/StringScanException.java
-     com/netscape/pkisilent/argparser/StringScanner.java
-     com/netscape/pkisilent/argparser/LongHolder.java
-     com/netscape/pkisilent/argparser/IntHolder.java
-     com/netscape/pkisilent/ConfigureTPS.java
-     com/netscape/pkisilent/http/HTTPClient.java
-     com/netscape/pkisilent/http/HTMLDocument.java
-     com/netscape/pkisilent/http/HTTPResponse.java
-     com/netscape/pkisilent/http/CertSelection.java
-     com/netscape/pkisilent/common/Request.java
-     com/netscape/pkisilent/common/CertificateRecord.java
-     com/netscape/pkisilent/common/Utilities.java
-     com/netscape/pkisilent/common/ComCrypto.java
-     com/netscape/pkisilent/common/BaseState.java
-     com/netscape/pkisilent/common/CMSLDAP.java
-     com/netscape/pkisilent/common/CMSConfig.java
-     com/netscape/pkisilent/common/PostQuery.java
-     com/netscape/pkisilent/common/ServerInfo.java
-     com/netscape/pkisilent/common/UserEnroll.java
-     com/netscape/pkisilent/common/ParseXML.java
-     com/netscape/pkisilent/common/CMSProperties.java
-     com/netscape/pkisilent/common/DirEnroll.java
-     com/netscape/pkisilent/common/Con2Agent.java
-     com/netscape/pkisilent/common/TestClient.java
-     com/netscape/pkisilent/common/CMSTask.java
-     com/netscape/pkisilent/ConfigureOCSP.java
-     com/netscape/pkisilent/ConfigureRA.java
-     com/netscape/pkisilent/ConfigureSubCA.java
-     com/netscape/pkisilent/ConfigureDRM.java
-     com/netscape/pkisilent/PKISilent.java
+# build pki-silent
+javac(pki-silent-classes
+    SOURCES
+        com/netscape/pkisilent/*.java
+    CLASSPATH
+        ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR}
+        ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
+        ${LDAPJDK_JAR} ${XERCES_JAR}
+        ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR}
+    OUTPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    DEPENDS
+        symkey pki-cmsutil pki-nsutil pki-certsrv pki-cms
 )
 
-set(CMAKE_JAVA_INCLUDE_PATH
-    ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR}
-    ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
-    ${LDAPJDK_JAR} ${XERCES_JAR}
-    ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR})
+jar(pki-silent-jar
+    CREATE
+        ${CMAKE_BINARY_DIR}/dist/pki-silent-${APPLICATION_VERSION}.jar
+    INPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    FILES
+        com/netscape/pkisilent/*.class
+    EXCLUDE
+        com/netscape/pkisilent/argparser/ArgParserTest*.class
+        com/netscape/pkisilent/common/checkRequest.class
+    DEPENDS
+        pki-silent-classes
+)
+
+link(pki-silent
+    SOURCE
+        ${CMAKE_BINARY_DIR}/dist/pki-silent.jar
+    DEST
+        pki-silent-${APPLICATION_VERSION}.jar
+    DEPENDS
+        pki-silent-jar
+)
 
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
+install(
+    FILES
+        ${CMAKE_BINARY_DIR}/dist/pki-silent.jar
+        ${CMAKE_BINARY_DIR}/dist/pki-silent-${APPLICATION_VERSION}.jar
+    DESTINATION
+        ${JAVA_JAR_INSTALL_DIR}/pki
+)
 
-add_jar(pki-silent ${pki-silent_java_SRCS})
-add_dependencies(pki-silent symkey pki-cmsutil pki-nsutil pki-certsrv pki-cms)
-install_jar(pki-silent ${JAVA_JAR_INSTALL_DIR}/pki)
-set(PKI_SILENT_JAR ${pki-silent_JAR_FILE} CACHE INTERNAL "pki-silent jar file")
+set(PKI_SILENT_JAR ${CMAKE_BINARY_DIR}/dist/pki-silent.jar CACHE INTERNAL "pki-silent jar file")
diff --git a/base/symkey/src/CMakeLists.txt b/base/symkey/src/CMakeLists.txt
index 599a7cb5a..b4d190602 100644
--- a/base/symkey/src/CMakeLists.txt
+++ b/base/symkey/src/CMakeLists.txt
@@ -8,17 +8,49 @@ find_file(JSS_JAR
     /usr/share/java
 )
 
-set(symkey_java_SRCS
-    com/netscape/symkey/SessionKey.java
+# build symkey
+javac(symkey-classes
+    SOURCES
+        com/netscape/symkey/*.java
+    CLASSPATH
+        ${JSS_JAR}
+    OUTPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
 )
 
-set(CMAKE_JNI_TARGET TRUE)
-set(CMAKE_JAVA_INCLUDE_PATH ${JSS_JAR})
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
+jar(symkey-jar
+    CREATE
+        ${CMAKE_BINARY_DIR}/dist/symkey-${APPLICATION_VERSION}.jar
+    INPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    FILES
+        com/netscape/symkey/*.class
+    DEPENDS
+        symkey-classes
+)
+
+link(symkey
+    SOURCE
+        ${CMAKE_BINARY_DIR}/dist/symkey.jar
+    DEST
+        symkey-${APPLICATION_VERSION}.jar
+    DEPENDS
+        symkey-jar
+)
 
-add_jar(symkey ${symkey_java_SRCS})
-install_jar(symkey ${LIB_INSTALL_DIR}/symkey)
-install_jni_symlink(symkey ${JAVA_LIB_INSTALL_DIR})
+install(
+    FILES
+        ${CMAKE_BINARY_DIR}/dist/symkey.jar
+        ${CMAKE_BINARY_DIR}/dist/symkey-${APPLICATION_VERSION}.jar
+    DESTINATION
+        ${LIB_INSTALL_DIR}/symkey
+)
+
+install(
+    FILES
+        ${CMAKE_BINARY_DIR}/dist/symkey.jar
+    DESTINATION
+        ${JAVA_LIB_INSTALL_DIR}
+)
 
-set(SYMKEY_JAVA_OBJECT_DIR ${symkey_CLASS_DIR} PARENT_SCOPE)
-set(SYMKEY_JAR ${symkey_JAR_FILE} CACHE INTERNAL "symkey jar file")
+set(SYMKEY_JAR ${CMAKE_BINARY_DIR}/dist/symkey.jar CACHE INTERNAL "symkey jar file")
diff --git a/base/symkey/src/com/netscape/symkey/CMakeLists.txt b/base/symkey/src/com/netscape/symkey/CMakeLists.txt
index 47d40a3f1..683d86dd1 100644
--- a/base/symkey/src/com/netscape/symkey/CMakeLists.txt
+++ b/base/symkey/src/com/netscape/symkey/CMakeLists.txt
@@ -41,7 +41,7 @@ add_custom_command(
         ${symkey_library_HDRS}
     COMMAND
         ${JAVA_HEADER}
-            -classpath ${SYMKEY_JAVA_OBJECT_DIR}:${JAVA_LIB_INSTALL_DIR}/jss4.jar
+            -classpath ${CMAKE_BINARY_DIR}/classes:${JAVA_LIB_INSTALL_DIR}/jss4.jar
             -jni -d ${CMAKE_CURRENT_BINARY_DIR}
             com.netscape.symkey.SessionKey
 )
diff --git a/base/test/src/CMakeLists.txt b/base/test/src/CMakeLists.txt
index 3631baa73..5e7c12d64 100644
--- a/base/test/src/CMakeLists.txt
+++ b/base/test/src/CMakeLists.txt
@@ -1,20 +1,12 @@
 project(pki-test_java Java)
 
-# TODO: create CMake function to find all Java files
-set(pki-test_java_SRCS
-    com/netscape/test/TestListener.java
-    com/netscape/test/TestRunner.java
-)
-
-set(CMAKE_JAVA_INCLUDE_PATH
-    ${XALAN_JAR} ${XERCES_JAR} ${JUNIT_JAR}
-)
-
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
-
-# build test jar file
-# TODO: create CMake function to compile without building jar file
+# build pki-test
 # TODO: build test only when the test is invoked
-set(CMAKE_JAR_CLASSES_PREFIX com/netscape)
-add_jar(pki-test ${pki-test_java_SRCS})
-set(PKI_TEST_JAR ${pki-test_JAR_FILE} CACHE INTERNAL "pki-test jar file")
\ No newline at end of file
+javac(pki-test-classes
+    SOURCES
+        com/netscape/test/*.java
+    CLASSPATH
+        ${XALAN_JAR} ${XERCES_JAR} ${JUNIT_JAR}
+    OUTPUT_DIR
+        ${CMAKE_BINARY_DIR}/test/classes
+)
diff --git a/base/tks/src/CMakeLists.txt b/base/tks/src/CMakeLists.txt
index dfd3d5668..10660f511 100644
--- a/base/tks/src/CMakeLists.txt
+++ b/base/tks/src/CMakeLists.txt
@@ -77,28 +77,47 @@ find_file(SYMKEY_JAR
 )
 
 
-# identify java sources
-set(pki-tks_java_SRCS
-    com/netscape/tks/TKSAuthority.java
-    com/netscape/tks/TKSApplication.java
+# build pki-tks
+javac(pki-tks-classes
+    SOURCES
+        com/netscape/tks/*.java
+    CLASSPATH
+        ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
+        ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
+        ${LDAPJDK_JAR} ${JAXRS_API_JAR}
+        ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR}
+    OUTPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    DEPENDS
+        symkey pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-cmscore
 )
 
+jar(pki-tks-jar
+    CREATE
+        ${CMAKE_BINARY_DIR}/dist/pki-tks-${APPLICATION_VERSION}.jar
+    INPUT_DIR
+        ${CMAKE_BINARY_DIR}/classes
+    FILES
+        com/netscape/tks/*.class
+    DEPENDS
+        pki-tks-classes
+)
 
-# set classpath
-set(CMAKE_JAVA_INCLUDE_PATH
-    ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
-    ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
-    ${LDAPJDK_JAR} ${JAXRS_API_JAR}
-    ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR})
-
-
-# set version
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
-
+link(pki-tks
+    SOURCE
+        ${CMAKE_BINARY_DIR}/dist/pki-tks.jar
+    DEST
+        pki-tks-${APPLICATION_VERSION}.jar
+    DEPENDS
+        pki-tks-jar
+)
 
-# build pki-tks.jar
-add_jar(pki-tks ${pki-tks_java_SRCS})
-add_dependencies(pki-tks symkey pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-cmscore)
-install_jar(pki-tks ${JAVA_JAR_INSTALL_DIR}/pki)
-set(PKI_TKS_JAR ${pki-tks_JAR_FILE} CACHE INTERNAL "pki-tks jar file")
+install(
+    FILES
+        ${CMAKE_BINARY_DIR}/dist/pki-tks.jar
+        ${CMAKE_BINARY_DIR}/dist/pki-tks-${APPLICATION_VERSION}.jar
+    DESTINATION
+        ${JAVA_JAR_INSTALL_DIR}/pki
+)
 
+set(PKI_TKS_JAR ${CMAKE_BINARY_DIR}/dist/pki-tks.jar CACHE INTERNAL "pki-tks jar file")
diff --git a/base/tks/src/com/netscape/tks/TKSApplication.java b/base/tks/src/com/netscape/tks/TKSApplication.java
index df3c293bd..a3d43f661 100644
--- a/base/tks/src/com/netscape/tks/TKSApplication.java
+++ b/base/tks/src/com/netscape/tks/TKSApplication.java
@@ -5,13 +5,13 @@ import java.util.Set;
 
 import javax.ws.rs.core.Application;
 
-import com.netscape.cms.servlet.admin.GroupMemberResourceService;
-import com.netscape.cms.servlet.admin.GroupResourceService;
-import com.netscape.cms.servlet.admin.SystemCertificateResourceService;
-import com.netscape.cms.servlet.admin.UserCertResourceService;
-import com.netscape.cms.servlet.admin.UserResourceService;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.csadmin.SystemConfigurationResourceService;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.cms.servlet.admin.GroupMemberService;
+import com.netscape.cms.servlet.admin.GroupService;
+import com.netscape.cms.servlet.admin.SystemCertService;
+import com.netscape.cms.servlet.admin.UserCertService;
+import com.netscape.cms.servlet.admin.UserService;
+import com.netscape.cms.servlet.csadmin.SystemConfigService;
 
 public class TKSApplication extends Application {
 
@@ -20,19 +20,19 @@ public class TKSApplication extends Application {
 
     public TKSApplication() {
         // installer
-        classes.add(SystemConfigurationResourceService.class);
+        classes.add(SystemConfigService.class);
 
         // user and group management
-        classes.add(GroupMemberResourceService.class);
-        classes.add(GroupResourceService.class);
-        classes.add(UserCertResourceService.class);
-        classes.add(UserResourceService.class);
+        classes.add(GroupMemberService.class);
+        classes.add(GroupService.class);
+        classes.add(UserCertService.class);
+        classes.add(UserService.class);
 
         // system certs
-        classes.add(SystemCertificateResourceService.class);
+        classes.add(SystemCertService.class);
 
         // exception mapper
-        classes.add(CMSException.Mapper.class);
+        classes.add(PKIException.Mapper.class);
     }
 
     public Set<Class<?>> getClasses() {
diff --git a/base/util/test/CMakeLists.txt b/base/util/test/CMakeLists.txt
index 592f3dbbb..28aae0a14 100644
--- a/base/util/test/CMakeLists.txt
+++ b/base/util/test/CMakeLists.txt
@@ -1,46 +1,29 @@
 project(pki-util-test Java)
 
-# TODO: create CMake function to find all Java files
-set(pki-util-test_SRCS
-    com/netscape/security/util/BMPStringTest.java
-    com/netscape/security/util/IA5StringTest.java
-    com/netscape/security/util/JSSUtil.java
-    com/netscape/security/util/PrintableStringTest.java
-    com/netscape/security/util/StringTestUtil.java
-    com/netscape/security/util/TeletexStringTest.java
-    com/netscape/security/util/UniversalStringTest.java
-    com/netscape/security/util/UTF8StringTest.java
-    com/netscape/security/x509/ConverterTestUtil.java
-    com/netscape/security/x509/DirStrConverterTest.java
-    com/netscape/security/x509/GenericValueConverterTest.java
-    com/netscape/security/x509/IA5StringConverterTest.java
-    com/netscape/security/x509/PrintableConverterTest.java
-)
-
-set(CMAKE_JAVA_INCLUDE_PATH
-    ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
-    ${JSS_JAR} ${LDAPJDK_JAR} ${COMMONS_CODEC_JAR} ${XALAN_JAR} ${XERCES_JAR}
-    ${PKI_TEST_JAR} ${JUNIT_JAR}
-)
-
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
-
-# build test jar file
-# TODO: create CMake function to compile without building jar file
+# build pki-util-test
 # TODO: build test only when the test is invoked
-set(CMAKE_JAR_CLASSES_PREFIX com/netscape)
-add_jar(pki-util-test ${pki-util-test_SRCS})
-add_dependencies(pki-util-test pki-nsutil pki-cmsutil pki-test)
+javac(pki-util-test-classes
+    SOURCES
+        com/netscape/security/util/*.java
+        com/netscape/security/x509/*.java
+    CLASSPATH
+        ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
+        ${JSS_JAR} ${LDAPJDK_JAR} ${COMMONS_CODEC_JAR} ${XALAN_JAR} ${XERCES_JAR}
+        ${PKI_TEST_JAR} ${JUNIT_JAR}
+    OUTPUT_DIR
+        ${CMAKE_BINARY_DIR}/test/classes
+    DEPENDS
+        pki-test-classes pki-nsutil pki-cmsutil
+)
 
 # create test target
 # do not include xalan and xerces in class path
 # TODO: create CMake function to find all JUnit test classes
 add_junit_test(test-pki-util
     CLASSPATH
-        ${pki-util-test_JAR_FILE}
         ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
-        ${JSS_JAR} ${LDAPJDK_JAR} ${COMMONS_CODEC_JAR}
-        ${PKI_TEST_JAR} ${JUNIT_JAR}
+        ${JSS_JAR} ${LDAPJDK_JAR} ${COMMONS_CODEC_JAR} ${JUNIT_JAR}
+        ${CMAKE_BINARY_DIR}/test/classes
     TESTS
         com.netscape.security.util.BMPStringTest
         com.netscape.security.util.IA5StringTest
diff --git a/cmake/Modules/Java.cmake b/cmake/Modules/Java.cmake
index bd2855baf..78f14a22a 100644
--- a/cmake/Modules/Java.cmake
+++ b/cmake/Modules/Java.cmake
@@ -67,6 +67,8 @@ function(javac target)
 
     add_custom_target(${target} ALL DEPENDS ${depends})
 
+    file(MAKE_DIRECTORY ${output_dir})
+
     add_custom_command(
         TARGET ${target}
         COMMAND ${CMAKE_COMMAND}
@@ -77,6 +79,7 @@ function(javac target)
             -P ${CMAKE_MODULE_PATH}/JavaFileList.cmake
         COMMAND ${CMAKE_Java_COMPILER}
             ${CMAKE_JAVA_COMPILE_FLAGS}
+            -encoding UTF-8
             -cp ${native_classpath}
             -d ${output_dir}
             @${file_list}
diff --git a/dogtag/console-ui/src/CMakeLists.txt b/dogtag/console-ui/src/CMakeLists.txt
index bc8995a12..c6c4fcb3b 100644
--- a/dogtag/console-ui/src/CMakeLists.txt
+++ b/dogtag/console-ui/src/CMakeLists.txt
@@ -1,18 +1,35 @@
 set(pki-console-theme_java Java)
 
-set(pki-console-theme_java_RCS
-    CMSAdminRS.properties
-    com/netscape/management/client/theme/theme.properties
-    com/netscape/management/client/theme/images/login.gif
-    com/netscape/management/client/theme/images/ConsoleBanner.gif
-    com/netscape/management/client/theme/images/logo16.gif
-    com/netscape/management/client/theme/images/logo32.gif
-    com/netscape/admin/certsrv/theme/certmgmt.gif
+jar(pki-console-theme-jar
+    CREATE
+        ${CMAKE_BINARY_DIR}/dist/pki-console-theme-${APPLICATION_VERSION}.jar
+    FILES
+        CMSAdminRS.properties
+        com/netscape/management/client/theme/theme.properties
+        com/netscape/management/client/theme/images/login.gif
+        com/netscape/management/client/theme/images/ConsoleBanner.gif
+        com/netscape/management/client/theme/images/logo16.gif
+        com/netscape/management/client/theme/images/logo32.gif
+        com/netscape/admin/certsrv/theme/certmgmt.gif
 )
 
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
+link(pki-console-theme
+    SOURCE
+        ${CMAKE_BINARY_DIR}/dist/pki-console-theme.jar
+    DEST
+        pki-console-theme-${APPLICATION_VERSION}.jar
+    DEPENDS
+        pki-console-theme-jar
+)
 
-add_jar(pki-console-theme ${pki-console-theme_java_RCS})
-install_jar(pki-console-theme ${JAVA_JAR_INSTALL_DIR}/pki)
-set(PKI_CONSOLE_THEME_JAR ${pki-console-theme_JAR_FILE} CACHE INTERNAL "pki-console-theme jar file")
+install(
+    FILES
+        ${CMAKE_BINARY_DIR}/dist/pki-console-theme.jar
+        ${CMAKE_BINARY_DIR}/dist/pki-console-theme-${APPLICATION_VERSION}.jar
+    DESTINATION
+        ${JAVA_JAR_INSTALL_DIR}/pki
+)
 
+set(PKI_CONSOLE_THEME_JAR ${CMAKE_BINARY_DIR}/dist/pki-console-theme.jar
+    CACHE INTERNAL "pki-console-theme jar file"
+)
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index 87c610c2d..5d682be87 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -14,7 +14,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
 
 Name:             pki-core
 Version:          10.0.0
-Release:          %{?relprefix}21%{?prerel}%{?dist}
+Release:          %{?relprefix}22%{?prerel}%{?dist}
 Summary:          Certificate System - PKI Core Components
 URL:              http://pki.fedoraproject.org/
 License:          GPLv2
@@ -1260,6 +1260,8 @@ fi
 %endif
 %{_javadir}/pki/pki-certsrv-%{version}.jar
 %{_javadir}/pki/pki-certsrv.jar
+%{_javadir}/pki/pki-client-%{version}.jar
+%{_javadir}/pki/pki-client.jar
 %{_javadir}/pki/pki-cms-%{version}.jar
 %{_javadir}/pki/pki-cms.jar
 %{_javadir}/pki/pki-cmsbundle-%{version}.jar
@@ -1424,6 +1426,9 @@ fi
 
 
 %changelog
+* Mon Aug 13 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.22.a1
+- Added pki-client.jar.
+
 * Fri Jul 27 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.21.a1
 - Merged pki-jndi-realm.jar into pki-cmscore.jar.