[Pki-users] CMC support

[Michael Peck]

Hi -

My question is a follow-on to the CMC enrollment thread from April 28.

The earlier thread says CMC requests have to be inputted through the web
based "certificate enrollment profiles" by filling in a form field with the
request data.

I noticed the Dogtag CA has servlets running at:
 /ee/ca/profileSubmitCMCFull
 /ee/ca/profileSubmitCMCSimple
 /ee/ca/CMCRevReq
Is it possible for a client to send requests directly to those servlets
instead of going through the web form -- and is there a way for the client
to receive the CMC Response from the server as described in the RFC, rather
than just the text message / base64 certificate returned by the web form
after it is submitted?

Also, do CMC requests always have to be signed by an authorized agent, or
has there been any thought to allowing clients to rekey their own
certificates directly with the CA?  (e.g. authenticate a new certificate
request using the old certificate with the same subject)

Has interoperability been tested with any tools besides the ones described
here http://pki.fedoraproject.org/wiki/PKI_Java_Tools
(CMCEnroll/CMCRequest/etc.)?  Do any other CMC clients actually exist?

Thanks,
Mike Peck
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20080918/421d3af8/attachment.htm>