System information
CRMF Pop Request
The CRMFPopClient utility is a tool to send a Certificate Request Message Format (CRMF)
request to a Certificate System CA with the request encoded with proof of possession (POP)
data that can be verified by the CA server. If a client provides POP information with a request,
the server can verify that the requester possesses the private key for the new certificate.
The tool does all of the following:
1. Has the CA enforce or verify POP information encoded within a CRMF request.
2. Makes simple certificate requests without using the standard Certificate System agent page
or interface.
3. Makes a simple certificate request that includes a transport certificate for key archival from
the DRM.
1. Syntax
There are two syntax styles for the CRMFPopClient utility, depending on the intended use:
CRMFPopClient token_password authenticator host port username password
[pop_option] subject_dn [OUTPUT_CERT_REQ]
CRMFPopClient token_password [pop_option] OUTPUT_CERT_REQ subject_dn
Option Description
token_password
The password for the cryptographic token.
authenticator
The authentication manager within the
Certificate System; this is most often set to
nullAuthMgr
host
The hostname of the CA instance.
port
The non-SSL port of the Certificate System
CA.
username
The Certificate System user for whom the
certificate request is issued.
Chapter 16.
63