Use CMP or SCEP protocol in CA mode
This article describes the CA and RA modes for enrollment used by CMP and SCEP protocols, and how to use CA mode in Protocol Gateway.
Enrollment modes
The CMP and SCEP protocols specify two enrollment modes:
CA mode - The CA key pair is used to protect the protocol messages.
RA mode - A separate device RA key pair is used to protect the protocol messages.
Protocol Gateway only supports the enrollment protocols in RA mode, that is, a device RA key pair is used to protect the protocol messages. CA mode is not supported, since the CA's private key should only be used for signing certificates and CRLs. When managing end entities, ensure that they operate in RA mode.
However, some devices don't support RA mode and require that the CA key pair be used to protect the protocol messages. To support these devices in Protocol Gateway, follow the instructions below to configure the CA key pair to be used as a device RA key pair. It is assumed that an HSM is used to store the CA keys.
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.