swedenconnect / signservice

A signature service according to the Swedish eID Framework specifications
Apache License 2.0

Add configurable support for PKCS10 request format #139

Closed Razumain closed 1 year ago

Razumain commented 1 year ago

The current implementation only utilises the CRMF request format, which provides less substantial Proof Of Possession (POP) to the issuing CA that the requestor has access to the corresponding private key.

The PKCS10 request format requires access to the private key, as the PKCS10 request is signed with the private key of the public key in the requested certificate.

Since signservice has access to the signer private key, there should be an option to use the PKCS10 request format, which also allows greater flexibility in the choice of compatible CAs.
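The proof of possession described in this comment, as an added example that is not part of the issue and is not signservice's own code: a PKCS10 request is built and signed with the signer's private key, and the CA-side check accepts it only when the signature verifies under the public key carried in the request. It assumes Bouncy Castle's bcpkix library is on the classpath; the class name, method names and subject DN are hypothetical.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.ECGenParameterSpec;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class Pkcs10PopExample {

  // Requester side: the request carries requestedKey and is signed with signingKey.
  // In a genuine request the two belong to the same key pair.
  static byte[] buildRequest(PublicKey requestedKey, PrivateKey signingKey) throws Exception {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withECDSA").build(signingKey);
    X500Name subject = new X500Name("CN=Test Signer,C=SE"); // constructed sample subject
    return new JcaPKCS10CertificationRequestBuilder(subject, requestedKey)
        .build(signer).getEncoded();
  }

  // CA side: POP holds only if the signature verifies under the public key
  // contained in the request itself.
  static boolean hasValidPop(byte[] encodedRequest) throws Exception {
    PKCS10CertificationRequest request = new PKCS10CertificationRequest(encodedRequest);
    return request.isSignatureValid(
        new JcaContentVerifierProviderBuilder().build(request.getSubjectPublicKeyInfo()));
  }

  static KeyPair newEcKeyPair() throws Exception {
    KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
    generator.initialize(new ECGenParameterSpec("secp256r1"));
    return generator.generateKeyPair();
  }

  public static void main(String[] args) throws Exception {
    KeyPair signerKey = newEcKeyPair();
    KeyPair unrelatedKey = newEcKeyPair();

    // Signed with the private key matching the requested public key: accepted.
    byte[] genuine = buildRequest(signerKey.getPublic(), signerKey.getPrivate());
    System.out.println("matching private key: " + hasValidPop(genuine));

    // Requests a public key the requester holds no private key for: rejected.
    byte[] mismatched = buildRequest(signerKey.getPublic(), unrelatedKey.getPrivate());
    System.out.println("unrelated private key: " + hasValidPop(mismatched));
  }
}
```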

Razumain commented 1 year ago

Fix provided in feature branch feature/cmc-upgrade-and-pkcs10 resolves this issue when adopted.

martin-lindstrom commented 1 year ago

Fixed in https://github.com/swedenconnect/signservice/pull/141