Type: New Feature
Affects Version/s: None
Fix Version/s: EJBCA 6.11.1
Issue discovered during: Customer
Sprint: EJBCA Sprint 8
The ability to configure which certificates the CMP responder returns in the caPubs field is needed for distributing trust anchors to some devices in a reliable and automated manner.
5.3.2. Initialization Response
An Initialization response message contains as the PKIBody an
CertRepMessage data structure, which has for each certificate
requested a PKIStatusInfo field, a subject certificate, and possibly
a private key (normally encrypted with a session key, which is itself
encrypted with the protocolEncrKey).
See Section 5.3.4 for CertRepMessage syntax. Note that if the PKI
Message Protection is "shared secret information" (see Section
5.1.3), then any certificate transported in the caPubs field may be
directly trusted as a root CA certificate by the initiator.
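
The condition in the quoted text, seen from the client side, as an added example (not EJBCA code and not part of the ticket): caPubs entries are accepted as trust anchors only when the response is protected with the shared secret and the MAC verifies. `CmpResponse`, `trust_anchors_from` and `build_sample` are hypothetical names, the message bytes are constructed placeholders rather than real DER, and SHA-256 is assumed for both the one-way function and the MAC.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

@dataclass
class CmpResponse:
    # Hypothetical parsed view of a CMP "ip" message; not an EJBCA or library type.
    protection_alg: str    # "PasswordBasedMac" (shared secret) or "signature"
    protected_part: bytes  # stands in for DER(ProtectedPart) = header + body incl. caPubs
    protection: bytes      # value of the PKIMessage protection field
    salt: bytes = b""
    iteration_count: int = 0
    ca_pubs: list = field(default_factory=list)  # certs a real parser decodes from the body

def pbm_mac(secret: bytes, salt: bytes, iterations: int, data: bytes) -> bytes:
    # PasswordBasedMac: hash secret||salt iterationCount times, then HMAC with that key.
    # Assumption: SHA-256 is used as both the one-way function and the MAC hash.
    key = secret + salt
    for _ in range(iterations):
        key = hashlib.sha256(key).digest()
    return hmac.new(key, data, hashlib.sha256).digest()

def trust_anchors_from(resp: CmpResponse, shared_secret: bytes) -> list:
    """Return the caPubs entries that may be installed as trust anchors, else []."""
    if resp.protection_alg != "PasswordBasedMac":
        return []  # not shared-secret protection: the quoted rule does not apply
    if resp.iteration_count < 1:
        return []  # malformed PBM parameters
    expected = pbm_mac(shared_secret, resp.salt, resp.iteration_count, resp.protected_part)
    if not hmac.compare_digest(expected, resp.protection):
        return []  # MAC mismatch: message is not authenticated by the shared secret
    return list(resp.ca_pubs)

def build_sample(secret: bytes, ca_pubs: list) -> CmpResponse:
    # Constructed sample: placeholder bytes, not a real CMP encoding.
    salt, iterations = b"constructed-salt", 1000
    part = b"HEADER|" + b"|".join(ca_pubs)
    return CmpResponse("PasswordBasedMac", part, pbm_mac(secret, salt, iterations, part),
                       salt, iterations, list(ca_pubs))

if __name__ == "__main__":
    resp = build_sample(b"enrollment-secret", [b"ROOT-CA-CERT-PLACEHOLDER"])
    print(trust_anchors_from(resp, b"enrollment-secret"))
    print(trust_anchors_from(resp, b"wrong-secret"))
```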