...
- when end entity certificate data has been changed (e.g. Subject DN and/or extensions) has been changed
- when end entity certificate data hasn't been changed at all
...
Gliffy | ||||||||
---|---|---|---|---|---|---|---|---|
|
API (server) side
New endpoint on CertService API should be available to trigger certificate update use case. Internally (based on sent Certificate Signing Request (CSR), private key (PK) and current certificate certificate) it should distinguish if KUR or CR request should be created and sent to CMPv2 server. Message sent to CMPv2 server should be protected by RV/PSK (as Initialization Request nowadays) or by sent certificate
Client side
...
Integration
Certificate update ill will be tested with open source CMPv2 server - EJBCA.