Home |  Forum |  Submit Software |  Submit Book |  Link to Us |  Contact us  |   Sitemap

  Topics
Software
Books
Network Basics
Glossaries
SNMP
Networking
Links
  Forums
SnmpTools.net forum
  Search for Software

  Other
Submit Software
Submit Book
Link to Us
Contact Us

 


  Visit ActiveSocket Web Site
  Download ActiveSocket Network Communication Toolkit

CMP (Certificate Management Protocol) - an explanation

CMP is a certificate life-cycle management protocol developed by the PKIX Working Group of the Internet Engineering Task Force (IETF), and it is described in documents RFC 2510 and RFC 2511.
CMP supports PKCS #10 and Certificate Request Message Format (CRMF) as the request message formats. These formats provide the mechanisms for proof of possession (PoP) for the private key that is being certified and they are wrapped inside CMP messages. The CMP messages can be transported with either HTTP or TCP.CMP is a full certificate life-cycle management protocol, and initial enrolment is only part of it. In CMP, an end entity needs to send an initial request when the first certificate is enrolled from a given CA. Consequent certification requests can be signed with the valid private key to facilitate automatic key renewal. Revocation requests can be used to inform the CA about the need to revoke a certificate.

Currently CMP is not widely supported by the end-entity clients and devices, but as a result of intensive interoperability efforts it is likely that more client-side implementations will emerge.