Closed mpeylo closed 3 years ago
Effective use case for many RAs will be to receive PKCS#10 from legacy EEs and obtain a certificate for it from a CA.
There could be a function in CRMF that takes a PKCS#10 and converts it to an "raVerified" CRMF certRequest.
A new option in the cmp application could then trigger creating e.g. an IR/KUR based on that certRequest generated out oft the PKCS#10.
There would be benefits of using certRequest over the p10cr:
This is meanwhile implemented as part of the upcoming OpenSSL version 3.0.
Effective use case for many RAs will be to receive PKCS#10 from legacy EEs and obtain a certificate for it from a CA.
There could be a function in CRMF that takes a PKCS#10 and converts it to an "raVerified" CRMF certRequest.
A new option in the cmp application could then trigger creating e.g. an IR/KUR based on that certRequest generated out oft the PKCS#10.
There would be benefits of using certRequest over the p10cr: