The request MUST be an ASN.1 DER encoded CMS request (as specified in [RFC3852]) that includes a CMC request (as specified in [RFC2797]). The client MUST construct an ASN.1 CMC request structure with the following fields:
TaggedRequest: This field MUST contain exactly one certificate request. The certificate request MUST be PKCS #10 as specified in sections 2.2.2.6.1, 2.2.2.6.5, and 3.1.1.4.3.1.1.
TaggedAttributes: The client MAY pass additional enrollment attributes in the RegInfo attribute as specified in [RFC2797] section 5.12. The semantics for the value of this attribute are identical to the ones that are defined for the pwszAttributes parameter for ICertRequestD::Request and ICertRequestD2::Request2. The format of the value is specified in section 2.2.2.6.3.
The client MUST construct a CMS structure (as specified in [RFC3852]) that meets the following requirements:
ContentType: This field MUST be the OID szOID_PKCS_7_SIGNED (1.2.840.113549.1.7.2, id-signedData).
Content: This field MUST be a SignedData with the following values for its fields:
encapContentInfo field: This field MUST have the following values for its fields:
eContentType: This field MUST be the OID szOID_CT_PKI_DATA (1.3.6.1.5.5.7.12.2, id-cct-PKIData).
eContent: This field MUST be the CMC certificate request constructed in the preceding (first) step.
SignerInfo fields: The first signerInfo MUST use either the subjectKeyIdentifier form of signerInfo, as specified in [RFC2797] section 4.2, or MUST use the No-Signature Signature Mechanism, as specified in [RFC2797] section 3.3.3.1.
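The CMS requirements above can be checked on the receiving side before a request is processed any further. The following is an added example, not part of the specification: a minimal DER walk that verifies the two OIDs and the form of the first signerInfo. The function names and the sample bytes are constructed for illustration, the id-alg-noSignature OID value is taken from [RFC2797] rather than from this page, and no signature is verified.

```python
ID_SIGNED_DATA = "1.2.840.113549.1.7.2"    # szOID_PKCS_7_SIGNED
ID_CCT_PKI_DATA = "1.3.6.1.5.5.7.12.2"     # szOID_CT_PKI_DATA
ID_ALG_NO_SIGNATURE = "1.3.6.1.5.5.7.6.2"  # id-alg-noSignature ([RFC2797])

def tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split constructed contents into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def oid(value):
    """Decode OBJECT IDENTIFIER content octets to dotted notation."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def check_envelope(der):
    """Return the list of violated requirements (empty list = conforming)."""
    problems = []
    (_, ctype), (_, content) = children(tlv(der)[1])[:2]
    if oid(ctype) != ID_SIGNED_DATA:
        problems.append("ContentType is not id-signedData")
    signed = children(tlv(content)[1])  # version, digestAlgorithms, encap, ...
    if oid(children(signed[2][1])[0][1]) != ID_CCT_PKI_DATA:
        problems.append("eContentType is not id-cct-PKIData")
    si = children(children(signed[-1][1])[0][1])  # fields of first SignerInfo
    sig_alg = [v for t, v in si[3:] if t == 0x30][0]  # skips optional signedAttrs
    no_sig = oid(children(sig_alg)[0][1]) == ID_ALG_NO_SIGNATURE
    if si[1][0] != 0x80 and not no_sig:  # 0x80 = [0] subjectKeyIdentifier
        problems.append("first signerInfo: neither subjectKeyIdentifier nor no-signature")
    return problems

SAMPLE = bytes.fromhex(  # constructed request with placeholder PKIData and signature
    "305d06092a864886f70d010702a050304e020103310d300b0609608648016503040201301006082b06010505070c02a00404023000"
    "31283026020103800401020304300b0609608648016503040201300b06092a864886f70d01010b040100")
```

`check_envelope(SAMPLE)` returns an empty list. Input that is not well-formed DER raises an exception instead of returning a result, so callers should treat any exception as a rejection.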