CA Capabilities
4798 단어 CAP
"GET" CGI-PATH CGI-PROG "?operation=GetCACaps" "&message=" CA-IDENT
This message requests capabilities from CA. The response is a list
of text capabilities, as defined in Appendix C.2. Support for this
message is OPTIONAL, but if it is not supported, the client SHOULD
assume that none of the capabilities in Appendix C.2 are supported.
C.2 . CA Capabilities Response Format
The response for a GetCACaps message is a list of CA capabilities, in
plain text, separated by <LF> characters, as follows (quotation marks
are NOT sent):
Appendix C.2
Pritikin, et al. Expires March 10, 2012 [Page 40]
Internet-Draft SCEP September 2011
+--------------------+----------------------------------------------+
| Keyword | Description |
+--------------------+----------------------------------------------+
| "GetNextCACert" | CA Supports the GetNextCACert message. |
| "POSTPKIOperation" | PKIOPeration messages may be sent via HTTP |
| | POST. |
| "Renewal" | Clients may use current certificate and key |
| | to authenticate an enrollment request for a |
| | new certificate. |
| "SHA-512" | CA Supports the SHA-512 hashing algorithm. |
| "SHA-256" | CA Supports the SHA-256 hashing algorithm. |
| "SHA-1" | CA Supports the SHA-1 hashing algorithm. |
| "DES3" | CA Supports the Triple-DES encryption |
| | algorithm. |
+--------------------+----------------------------------------------+
The client SHOULD use SHA-1, SHA-256, or SHA-512 in preference to MD5
hashing if it is supported by the CA.
The server MUST use the texual case specified here, but clients
SHOULD ignore the textual case when processing this message. A
client MUST be able to accept and ignore any unknown keywords that
might be sent back by a CA.
If the CA supports none of the above capabilities the SCEP server
SHOULD return an empty message. A server MAY simply return an HTTP
Error. A client that receives an empty message or an HTTP error
SHOULD interpret the response as if none of the requested
capabilities are supported by the CA.
The Content-type of the reply SHOULD be "text/plain". Clients SHOULD
ignore the Content-type, as older server implementations of SCEP may
send various Content-types.
Example:
GET /cgi-bin/pkiclient.exe?operation=GetCACaps&message=myca
might return:
GetNextCACert<LF>POSTPKIOperation
This means that the CA supports the GetNextCACert message and allows
PKIOperation messages (PKCSreq, GetCert, GetCertInitial, ...) to be
sent using HTTP POST.
이 내용에 흥미가 있습니까?
현재 기사가 여러분의 문제를 해결하지 못하는 경우 AI 엔진은 머신러닝 분석(스마트 모델이 방금 만들어져 부정확한 경우가 있을 수 있음)을 통해 가장 유사한 기사를 추천합니다:
CA Capabilities. GetCACaps HTTP Message Format . CA Capabilities Response Format...
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.