C.1. GetCACaps HTTP Message Format
"GET" CGI-PATH CGI-PROG "?operation=GetCACaps" "&message=" CA-IDENT
This message requests capabilities from the CA. The response is a list
of text capabilities, as defined in Appendix C.2. Support for this
message is OPTIONAL, but if it is not supported, the client SHOULD
assume that none of the capabilities in Appendix C.2 are supported.
C.2. CA Capabilities Response Format
The response for a GetCACaps message is a list of CA capabilities, in
plain text, separated by <LF> characters, as follows (quotation marks
are NOT sent):
Pritikin, et al. Expires March 10, 2012 [Page 40]
Internet-Draft SCEP September 2011
+--------------------+----------------------------------------------+
| Keyword            | Description                                  |
+--------------------+----------------------------------------------+
| "GetNextCACert"    | CA Supports the GetNextCACert message.       |
| "POSTPKIOperation" | PKIOperation messages may be sent via HTTP   |
|                    | POST.                                        |
| "Renewal"          | Clients may use current certificate and key  |
|                    | to authenticate an enrollment request for a  |
|                    | new certificate.                             |
| "SHA-512"          | CA Supports the SHA-512 hashing algorithm.   |
| "SHA-256"          | CA Supports the SHA-256 hashing algorithm.   |
| "SHA-1"            | CA Supports the SHA-1 hashing algorithm.     |
| "DES3"             | CA Supports the Triple-DES encryption        |
|                    | algorithm.                                   |
+--------------------+----------------------------------------------+
The client SHOULD use SHA-1, SHA-256, or SHA-512 in preference to MD5
hashing if it is supported by the CA.
The server MUST use the textual case specified here, but clients
SHOULD ignore the textual case when processing this message. A
client MUST be able to accept and ignore any unknown keywords that
might be sent back by a CA.
If the CA supports none of the above capabilities, the SCEP server
SHOULD return an empty message. A server MAY simply return an HTTP
Error. A client that receives an empty message or an HTTP error
SHOULD interpret the response as if none of the requested
capabilities are supported by the CA.
The Content-type of the reply SHOULD be "text/plain". Clients SHOULD
ignore the Content-type, as older server implementations of SCEP may
send various Content-types.
Example:
GET /cgi-bin/pkiclient.exe?operation=GetCACaps&message=myca
might return:
GetNextCACert<LF>POSTPKIOperation
This means that the CA supports the GetNextCACert message and allows
PKIOperation messages (PKCSreq, GetCert, GetCertInitial, ...) to be
sent using HTTP POST.
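The client-side rules above (case-insensitive matching, unknown keywords ignored, empty reply or HTTP error treated as "no capabilities", Content-type ignored) can be sketched as follows. This is an added example, not code from the draft; the function names, the tolerance for CRLF line endings, and the strongest-first digest order are assumptions of the example.

```python
# Keywords from the table in C.2, keyed by lowercase form so that
# matching ignores textual case, as clients SHOULD.
KNOWN = {k.lower(): k for k in (
    "GetNextCACert", "POSTPKIOperation", "Renewal",
    "SHA-512", "SHA-256", "SHA-1", "DES3")}


def parse_cacaps(status, body):
    """Return the set of recognised capabilities in canonical spelling.

    status: HTTP status code of the GetCACaps reply
    body:   raw response bytes
    The Content-type header is deliberately not an input, because
    clients SHOULD ignore it.
    """
    if status != 200 or not body:
        # HTTP error or empty message: assume nothing is supported.
        return set()
    caps = set()
    # The draft separates keywords with <LF>; accepting CRLF and blank
    # lines as well is an assumption made for robustness.
    for line in body.decode("ascii", errors="replace").splitlines():
        key = line.strip().lower()
        if key in KNOWN:
            caps.add(KNOWN[key])
        # Anything else is an unknown keyword: accepted and ignored.
    return caps


def pick_digest(caps, fallback="MD5"):
    """Prefer an advertised SHA-family digest over MD5.

    Strongest-first ordering is this example's choice; the draft only
    says SHA-1, SHA-256 or SHA-512 SHOULD be preferred to MD5.
    """
    for name in ("SHA-512", "SHA-256", "SHA-1"):
        if name in caps:
            return name
    return fallback


if __name__ == "__main__":
    # Constructed sample reply: mixed case, CRLF, one unknown keyword.
    sample = b"getnextcacert\r\nPOSTPKIOperation\nSHA-256\nFutureThing\n"
    caps = parse_cacaps(200, sample)
    print(sorted(caps), pick_digest(caps))
```

The capability list is plain text, so a missing or emptied reply leaves the client on the MD5 fallback; a caller that requires a stronger digest can pass `fallback=None` and treat a `None` result as a failure.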