The CRMFPopClient utility sends a Certificate Request Message Format (CRMF) request to a Certificate System CA, with the request encoded with proof of possession (POP) data that the CA server can verify. If a client provides POP information with a request, the server can verify that the requester possesses the private key for the new certificate.
The tool does all of the following:

- Has the CA enforce or verify POP information encoded within a CRMF request.
- Makes simple certificate requests without using the standard Certificate System agent page or interface.
- Makes a simple certificate request that includes a transport certificate for key archival from the DRM.

There are two syntax styles for the CRMFPopClient utility, depending on the intended use:

```
CRMFPopClient token_password authenticator host port username password [pop_option] subject_dn [OUTPUT_CERT_REQ]
CRMFPopClient token_password [pop_option] OUTPUT_CERT_REQ subject_dn
```

| Option | Description |
|---|---|
| token_password | The password for the cryptographic token. |
| authenticator | The authentication manager within the Certificate System; this is most often set to nullAuthMgr. |
| host | The hostname of the CA instance. |
| port | The non-SSL port of the Certificate System CA. |
| username | The Certificate System user for whom the certificate request is issued. |
| password | The password of the Certificate System user. |
| pop_option | Optional. Sets the type of POP request to generate; since this can generate invalid requests, this option can be used for testing. There are three values: |
| subject_dn | The distinguished name of the requested certificate. |
| OUTPUT_CERT_REQ | Optional. Prints the generated certificate request to the screen. |

Table 16.1.