CMP v3 endpoint (RFC 9810).
Certificate Management Protocol version 3 provides a comprehensive certificate lifecycle management protocol. Unlike EST, which uses HTTP semantics, CMP uses its own ASN.1 message format (PKIMessage) transported over HTTP.
RFC 9810 §3: CMP messages are encoded as DER and transported via HTTP POST to /.well-known/cmp.
§Supported message types
| Type | Body | Description |
|---|---|---|
| ir | CertReqMessages | Initialization request |
| cr | CertReqMessages | Certification request |
| kur | CertReqMessages | Key update request |
| rr | RevReqContent | Revocation request |
| genm | GenMsgContent | General message |
§Protection
CMP messages are protected by either:
- Signature-based — the sender signs with their certificate
- MAC-based — using a shared secret (for initial enrollment)
Structs§
- CmpRequest - Parsed CMP request message.
- CmpResponse - CMP response message under construction.
Enums§
- CmpMessageType - CMP message type, identified by the implicit tag on the PKIBody choice within PKIMessage (RFC 9810 §5.3).
- CmpProtectionType - CMP message protection mechanism.
Functions§
- build_cmp_response - Build a DER-encoded CMP PKIMessage response.
- parse_cmp_message - Parse a DER-encoded CMP PKIMessage into a CmpRequest.
- post_cmp - POST /.well-known/cmp — process a CMP PKIMessage.
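
The tag-based identification described for CmpMessageType, as an added example that is not this crate's code: a bounds-checked DER walk that skips the PKIHeader and reads the context tag on PKIBody before any further parsing. The function names `tlv` and `peek_body_type` are hypothetical, the tag numbers are those of the PKIBody CHOICE in the CMP ASN.1 module, and the sample bytes are constructed.

```rust
// Added example; `tlv` and `peek_body_type` are hypothetical names, not this crate's API.

/// Read one DER TLV at `pos`; returns (tag byte, content start, content end).
fn tlv(buf: &[u8], pos: usize) -> Option<(u8, usize, usize)> {
    let tag = *buf.get(pos)?;
    if tag & 0x1f == 0x1f {
        return None; // multi-byte tag numbers never occur for PKIBody (tags 0..=26)
    }
    let first = *buf.get(pos + 1)?;
    let (len, start) = if first < 0x80 {
        (first as usize, pos + 2) // short-form length
    } else {
        let n = (first & 0x7f) as usize;
        if n == 0 || n > 4 {
            return None; // indefinite length is not DER; cap the size we accept
        }
        let bytes = buf.get(pos + 2..pos + 2 + n)?;
        (bytes.iter().fold(0usize, |a, b| (a << 8) | *b as usize), pos + 2 + n)
    };
    let end = start.checked_add(len)?;
    if end > buf.len() { None } else { Some((tag, start, end)) }
}

/// Return the PKIBody tag number and, for the request types in the table, its name.
fn peek_body_type(der: &[u8]) -> Option<(u8, &'static str)> {
    let (outer, start, end) = tlv(der, 0)?;
    if outer != 0x30 || end != der.len() {
        return None; // PKIMessage must be one SEQUENCE with no trailing bytes
    }
    let (hdr, _, hdr_end) = tlv(der, start)?;
    if hdr != 0x30 || hdr_end > end {
        return None; // first element is the PKIHeader SEQUENCE
    }
    let (body, _, body_end) = tlv(der, hdr_end)?;
    if body & 0xe0 != 0xa0 || body_end > end {
        return None; // PKIBody alternatives carry a context-specific, constructed tag
    }
    let name = match body & 0x1f {
        0 => "ir", 2 => "cr", 7 => "kur", 11 => "rr", 21 => "genm",
        _ => "unsupported",
    };
    Some((body & 0x1f, name))
}

fn main() {
    // Constructed sample: empty header SEQUENCE, then a [21] body wrapping an empty SEQUENCE.
    let sample: [u8; 8] = [0x30, 0x06, 0x30, 0x00, 0xb5, 0x02, 0x30, 0x00];
    println!("{:?}", peek_body_type(&sample));
}
```

The walk checks only the outer framing and does not enforce minimal-length encoding or validate the header contents, so it is a pre-filter for rejecting malformed or unsupported requests early, not a replacement for full parsing.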