PKI management operation | operation label | Details |
---|---|---|
Enroll client to new PKI | /initialization |
|
Enroll client to existing PKI | /certification |
|
Update client certificate | /keyupdate |
|
Enroll client using PKCS#10 | /p10 |
|
Revoke client certificate | /revocation |
|
Get CA certificates | /getcacerts |
|
Get root CA certificate update | /getrootupdate |
|
Get certificate request template | /getcertreqtemplate |
|
Get CRL updates | /getcrls |
|
|
/nested |
|
PKI management operation | operation label | Details |
---|---|---|
Enroll client to new PKI | /ir |
|
Enroll client to existing PKI | /cr |
|
Update client certificate | /kur |
|
Enroll client using PKCS#10 | /p10 |
|
Revoke client certificate | /rr |
|
Get CA certificates | /crts |
|
Get root CA certificate update | /rcu |
|
Get certificate request template | /att |
|
Get CRL updates | /crls |
|
|
/nest |
|
ID | PKI management operations and variants | EE | RA | CA |
---|---|---|---|---|
Generic | generic aspects of PKI management operations, |
MUST | MUST | MUST |
IR | Requesting a certificate from a new PKI with signature-based protection, |
MUST | MUST | MUST |
CR | Requesting an additional certificate with signature-based protection, |
MAY | MAY | MAY |
KUR | Updating an existing certificate with signature-based protection, |
MUST | MUST | MUST |
P10CR | Requesting a certificate from a legacy PKI using a PKCS#10 request, |
MAY | MAY | MAY |
MAC | Requesting a certificate from a PKI with MAC-based protection (IR, CR, KUR, and P10CR if supported), |
SHOULD | SHOULD | SHOULD |
CKeyGen | Adding central key generation to a certificate request (IR, CR, KUR, and P10CR if supported). (If supported, key agreement key management technique is REQUIRED, and key transport and password-based key management techniques are OPTIONAL.), |
MAY | MAY | MAY |
RR | Revoking a certificate, |
SHOULD | SHOULD | SHOULD |
CACerts | Get CA certificates, |
MAY | MAY | MAY |
RootUpd | Get root CA certificate update, |
MAY | MAY | MAY |
ReqTempl | Get certificate request template, |
MAY | MAY | MAY |
CRLUpd | CRL update retrieval, |
MAY | MAY | MAY |
Polling | Handling delayed delivery, |
MAY | MAY | MAY |
CertResp | Responding to a certificate request (IR, CR, KUR, and P10CR if supported), |
N/A | MAY | MUST |
InitPoll | Initiating delayed delivery, |
N/A | MAY | MAY |
CertConf | Responding to a confirmation message, |
MUST | MAY | MUST |
RevResp | Responding to a revocation request, |
N/A | MAY | SHOULD |
GenResp | Responding to a support message (CACerts, RootUpd, ReqTempl, CRLUpd if supported), |
N/A | MAY | MAY |
FwdKeep | Forwarding messages - not changing protection, |
N/A | MUST | N/A |
FwdAddS | Adding protection to a request message, |
N/A | MUST | MUST |
FwdAddB | Batching messages, |
N/A | MAY | MAY |
FwdRepKP | Forwarding messages - replacing protection, not changing any included proof-of-possession, |
N/A | MAY | N/A |
FwdRepBP | Forwarding messages - replacing protection, breaking proof-of-possession, |
N/A | MAY | MAY |
CertOnB | Acting on behalf of other PKI entities - requesting certificates, |
N/A | MAY | N/A |
RevROnB | Acting on behalf of other PKI entities - revoking a certificate, |
N/A | SHOULD | SHOULD |
ID | Message transfer type | EE | RA | CA |
---|---|---|---|---|
HTTP | HTTP transfer, |
SHOULD | SHOULD | SHOULD |
CoAP | CoAP transfer, |
MAY | MAY | MAY |
Piggyb | Piggybacking on other reliable transfer, |
MAY | MAY | MAY |
Offline | Offline transfer, |
MAY | MAY | MAY |