3.2.2.6.2.1.2 Processing a Request
In addition to the request types specified in section 3.2.1.4.2.1.4, the server MUST support the following types of certificate requests:
A Request On Behalf Of (ROBO) a different subject.
A request that includes private key materials.
A request that includes key attestation materials.
A request that includes challenge response materials.
The following table describes the different request formats for these additional scenarios.
|
Request type |
CMS with PKCS #10 |
PKCS #10 |
CMS with CMC |
Netscape KEYGEN |
|---|---|---|---|---|
|
ROBO |
Yes |
No |
Yes |
No |
|
Key archival request |
No |
No |
Yes |
No |
|
Initial Key Attestation Request |
Yes |
Yes |
Yes |
No |
|
Challenge Response |
Yes |
No |
Yes |
No |
"Yes" indicates that this format is supported for this request type. "No" indicates that this format is not supported by this protocol.
If a certificate request is submitted using a certificate format that is not supported, the CA MUST return an error code. The error code SHOULD be CRYPT_E_INVALID_MSG_TYPE.
The server MUST apply the rules specified in the following sections for each of these request types.