Certificate Management Protocol
| CMP (Certificate Management Protocol) | |
|---|---|
| family: | unknown |
| field of application: | certificate management |
| newest version: | cmp2021(3) |
| OID of the newest version: | 1.3.6.1.5.5.7.0.16 |
| TCP/UDP port: | 80 (http), 443 (https), 829 (pkix-3-ca-ra) |
| proposed standard: | |
| obsolete standards: | RFC 2510 (CMPv1, 1999) |

The Certificate Management Protocol (CMP) is an Internet protocol, standardized by the IETF, for obtaining X.509 public-key certificates in a PKI.
CMP is a very feature-rich and flexible protocol. So far it is the only protocol that supports all types of cryptography. This includes KEM keys, which have become more important for post-quantum cryptography (PQC).
CMP messages are self-contained, which makes the protocol independent of the transport mechanism and provides end-to-end security even across multiple hops. This distinguishes CMP and CMC from other certificate enrollment protocols, including EST. CMP messages are defined in ASN.1 syntax and encoded using the DER method.
CMP is described in RFC 9810. Enrollment request messages employ the Certificate Request Message Format (CRMF), described in RFC 4211 and updated in RFC 9045. The only other protocol so far using CRMF is Certificate Management over CMS (CMC), described in RFC 5273.
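
Because CMP messages are DER-encoded ASN.1, the protocol version (such as cmp2021(3) above) can be read directly from the message bytes. The following is an added example, not code from this page or from any CMP implementation; it assumes the PKIMessage layout of the CMP specification, in which `pvno` is the first field of the header, and its sample message is a constructed skeleton rather than captured traffic.

```python
# Added example: read pvno, the first field of a DER-encoded CMP PKIHeader.
PVNO_NAMES = {1: "cmp1999", 2: "cmp2000", 3: "cmp2021"}

# Constructed sample (not captured traffic): PKIMessage { header { pvno 3,
# empty directoryName sender and recipient }, body pkiconf NULL }.
SAMPLE = bytes.fromhex("3011300b020103a4023000a4023000b3020500")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV at pos; reject non-DER lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not needed for this field")
    pos += 2
    if first < 0x80:                       # short form: length in one byte
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length is BER, not DER")
        if pos + n > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding")
        pos += n
    if pos + length > len(buf):
        raise ValueError("declared length exceeds available bytes")
    return tag, buf[pos:pos + length], pos + length

def cmp_pvno(der):
    """Return (number, name) of the protocol version in a DER PKIMessage."""
    tag, message, end = read_tlv(der)      # PKIMessage ::= SEQUENCE
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    tag, header, _ = read_tlv(message)     # PKIHeader ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("PKIHeader is not a SEQUENCE")
    tag, raw, _ = read_tlv(header)         # pvno INTEGER
    if tag != 0x02 or not raw:
        raise ValueError("pvno is not an INTEGER")
    value = int.from_bytes(raw, "big", signed=True)
    return value, PVNO_NAMES.get(value, "unknown")

if __name__ == "__main__":
    print(cmp_pvno(SAMPLE))
```

The reader rejects indefinite and non-minimal lengths because those are valid BER but not DER, so a message that triggers them does not match the encoding the protocol specifies.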