Document toolboxDocument toolbox

Certificate Manager interfaces and APIs

This article includes updates for CM 8.11.

Supported interfaces of Smart ID Certificate Manager

To allow external clients to order certificates from Smart ID Certificate Manager (CM), the following interfaces and protocols are supported via Protocol Gateway:

Interface

For more information

Interface

For more information

ACME

CMC

CMC support in Certificate Manager

CMP

CM SDK

CM SDK is a Java API for certificate management. It provides the same functionality as the CM clients RA and CC except for support of PKCS #10 requests.

The CM SDK is powerful and easy to use and can be operated using both real and virtual Registration Officers.

CM SDK Proxy

CM SDK proxy in Certificate Manager

Distribution point

The Distribution Point in Certificate Manager can be used by external applications to retrieve the CRL, CIL or CA certificate without having to authenticate.  

EST

EST-coaps

EST over CoAPs support in Certificate Manager

Ping

REST API

The following enrollment method is also supported. However, migration to REST API is recommended: 

  • CM Web Services (CM WS) - SOAP-based web service interface used for certificate management in CM, with functionality to enroll, revoke, search and fetch certificates. 

SCEP

The SCEP support includes SCEP Intune and SCEP NDES. 

V2X REST API

Read more on Identities for vehicle-to-everything - V2X PKI.

For questions, Contact Nexus. 

WinEP

Nexus Windows Enrollment Proxy - WinEP

Device authorization 

To control which devices can request certificates, authorization is required. Different enrollment protocols require different authorization. 

Certificate Manager allows different authorization rules for different protocols, by configuration of protocol handlers. The access to a protocol handler can be restricted to administrators that are CM Officers with the configured roles. The authorization condition can be specified as default for a protocol or per protocol handler.

For more information, see each protocol description.   

Device preregistration

For more information, see Device preregistration for automated enrollment.

Related information

 

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions