...

New endpoint on CertService API should be available to trigger certificate update use case. Internally (based on sent Certificate Signing Request (CSR), private key (PK) and current certificate ) it should distinguish if KUR or CR request should be created and sent to CMPv2 server. Message sent to CMPv2 server should be protected by RV/PSK (as Initialization Request nowadays)   or by sent certificate

Client side

...

Integration

Certificate update ill will be tested with open source CMPv2 server - EJBCA.