2.2.2.8 Response Format

There are two possible response formats:

  • CMS certificate chain format, as specified in [RFC3852].

    The CA uses the CMS structures, as specified in [RFC3852], to generate responses to a client's certificate enrollment requests. When the CA responds to a certificate request, it returns a CMS message that MUST include the issued certificate and MAY include all of the CA certificates in the certificate chain of the issued certificate.

    The following fields are specified in [RFC3852] and used by this protocol:

    • ContentType

    • Version

    • DigestAlgorithmIdentifiers

    • ContentInfo

    • ExtendedCertificateOrCertificate

    • RevocationInfoChoices

    • SignerInfos

  • CMC full PKI response, as specified in [RFC2797] section 4.4.

    The response format is requested by the client in the dwFlags parameter of the ICertRequestD::Request and ICertRequestD2::Request2 methods, as specified in sections 3.2.1.4.2.1 and 3.2.1.4.3.1.

    The following fields are specified in [RFC2797] section 3.1 and are used by this protocol:

    • TaggedAttribute

    • OtherMsg content

    • BodyPartId

    • AttributeValue

    • ContentInfo

Processing rules for these fields are specified in sections 3.2.1.4.2.1.4.8.1 and 3.2.2.6.2.1.4.
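
The CMS certificate chain format described above, walked structurally in Python as an added example (not part of the protocol specification): it checks that ContentType is id-signedData, confirms the SignedData field order from [RFC3852], and extracts the certificates and revocation entries. The function names and the sample bytes are constructed for illustration, and the placeholder elements stand in for real X.509 certificates.

```python
# Added example: structural walk of a CMS certificate-chain response (RFC 3852 SignedData).
SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # OID 1.2.840.113549.1.7.2 (id-signedData)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed element's contents into (tag, value, raw_tlv) triples."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, nxt = read_tlv(value, pos)
        out.append((tag, val, value[pos:nxt]))
        pos = nxt
    return out

def parse_cms_response(der):
    """Check ContentType, then return Version plus the raw certificates and CRLs."""
    tag, body, end = read_tlv(der)
    top = children(body)
    if tag != 0x30 or end != len(der) or len(top) != 2:
        raise ValueError("not a single DER ContentInfo")
    if top[0][:2] != (0x06, SIGNED_DATA) or top[1][0] != 0xA0:
        raise ValueError("ContentType is not id-signedData")
    fields = children(read_tlv(top[1][1])[1])      # contents of the SignedData SEQUENCE
    if [f[0] for f in fields[:3]] != [0x02, 0x31, 0x30] or fields[-1][0] != 0x31:
        raise ValueError("unexpected SignedData layout")
    certs = [c[2] for f in fields if f[0] == 0xA0 for c in children(f[1])]  # certificates [0]
    crls = [c[2] for f in fields if f[0] == 0xA1 for c in children(f[1])]   # crls [1]
    if not certs:                                  # the issued certificate MUST be present
        raise ValueError("response carries no certificate")
    return {"version": int.from_bytes(fields[0][1], "big"), "certificates": certs, "crls": crls}

# Constructed sample (not a real CA response): placeholder bytes stand in for certificates.
tlv = lambda tag, v: bytes([tag, len(v)]) + v      # short-form lengths only (< 128 bytes)
ISSUED, CA_CERT = tlv(0x30, b"\x0c\x06issued"), tlv(0x30, b"\x0c\x02ca")
ENCAP = tlv(0x30, bytes.fromhex("06092a864886f70d010701"))  # eContentType id-data, no eContent
SIGNED = tlv(0x30, b"\x02\x01\x01" + tlv(0x31, b"") + ENCAP + tlv(0xA0, ISSUED + CA_CERT) + tlv(0x31, b""))
SAMPLE = tlv(0x30, b"\x06\x09" + SIGNED_DATA + tlv(0xA0, SIGNED))
```

The walk is structural only: the returned certificate bytes still need full X.509 parsing and chain validation before they are trusted.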