Current implementation only utilise the CRMF request format which provides less substantial Proof Of Possession (POP) to the issuing CA that the requestor has access to the corresponding private key.
PKCS10 request format requires access to the private key as the PKCS10 request is signed with the private key of the public key in the requested certificate.
Since signservice has access to the signer private key, there should be an option to use PKCS10 request format, which also allows greater flexibility of choice of compatible CA:s
Current implementation only utilise the CRMF request format which provides less substantial Proof Of Possession (POP) to the issuing CA that the requestor has access to the corresponding private key.
PKCS10 request format requires access to the private key as the PKCS10 request is signed with the private key of the public key in the requested certificate.
Since signservice has access to the signer private key, there should be an option to use PKCS10 request format, which also allows greater flexibility of choice of compatible CA:s