-
INITIALIZE
Requests the user's initial certificate. The request is authenticated
using the reference number and the corresponding key (PSK) received from
the CA or RA using some out-of-band mechanism.
The user must specify the PSK, the asymmetric key pair, and a
subject name.
-
ENROLL
Requests a new certificate when the user already has a valid certificate
for the key. This request is similar to initialize except that it is
authenticated using public-key methods.
-
POLL
Polls for a certificate when a request was not immediately accepted.
-
UPDATE
Requests an update of an existing certificate (replacement). The issued
certificate will be similar to the existing certificate (names, flags,
and other extensions). The user can change the key, and the validity
times are updated by the CA. This request is authenticated by a valid
existing key pair and a certificate.
-
RECOVER
Requests recovery of a backed-up key. This request is authenticated
either by PSK-based or certificate-based authentication. The template
describes the certificate whose private key has already been backed up
and should be recovered. Users can only recover keys they have backed up
themselves.
-
REVOKE
Requests revocation for a key specified in the template. Authentication
of the request is made using a PSK or a certificate belonging to the same
user as the subject of revocation.
-
TUNNEL
Operates in RA tunnel mode. Reads requests and optionally modifies the
subject name, alternative names, and extensions based on the command
line. Approves the request and sends it to the CA.