This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 6 and 7
Revision 6 as of 2007-10-01 16:32:23
Size: 1934
Editor: proxy21-ic-ext
Comment: added link to CMPv2 sample and added a reference to the RFC4211 - CRMF
Revision 7 as of 2007-10-18 13:01:20
Size: 2108
Editor: h113-n225
Comment: Some corrections in external links section. My English is bad, I'm sorry for er.
Line 3: Line 3:
CMP is a protocol for managing Public Key Infrastrictures (PKI) based on X.509v3 certificates. Protocol messages are defined for certificate creation and management. It is used by commercial PKI products as ''Entrust Security Manager'' and ''Unicert''
Line 4: Line 5:
CMP is a protocol for managing Public Key Infrastrictures (PKI) based on X.509v3 certificates. Protocol messages are defined for certificate creation and management. It is used by commercial PKI products as ''Entrust Security Manager'' and ''Unicert''
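Review bot: "Infrastrictures" in the first sentence of this paragraph is misspelled on both sides of the change and should read "Infrastructures". Since the paragraph is being touched anyway, the last sentence should also read "such as ''Entrust Security Manager'' and ''Unicert''" and end with a period.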
Line 6: Line 6:

TODO: 
TODO:
Line 10: Line 9:
Line 12: Line 10:
Line 14: Line 11:
Line 18: Line 14:

TODO: 
TODO:
Line 22: Line 17:
Line 26: Line 20:
Line 29: Line 22:
Line 33: Line 25:
 Show only the CMP based traffic: {{{  . Show only the CMP based traffic:
{{{
Line 35: Line 28:
Line 37: Line 29:
Line 40: Line 31:
 Capture only the CMP traffic over the default port (829): {{{  . Capture only the CMP traffic over the default port (829):
{{{
Line 42: Line 34:
Line 44: Line 35:

  * [http://www.ietf.org/rfc/rfc2510.txt RFC 2510] ''Internet X.509 Public Key Infrastructure Certificate Management Protocols'' - It has been replaced by [http://www.ietf.org/rfc/rfc4210.txt RFC 4210] which doesn't address transport issues.
  * [http://www.ietf.org/rfc/rfc4211.txt RFC 4211] ''Certificate Request Message Format'' is more or less bound to CMP. This Version obsoletes RFC 2511 and is used by RFC 4210
 * [http://www.ietf.org/rfc/rfc4210.txt RFC 4210] ''Internet X.509 Public Key Infrastructure Certificate Management Protocols''. This version obsolets [http://www.ietf.org/rfc/rfc2510.txt RFC 2510]. New RFC says that the CMP transport protocol issues are handled in a separate document CMPtrans ( [http://tools.ietf.org/html/draft-ietf-pkix-cmp-transport-protocols-05 Last IETF draft of CMPtrans] ).
 * [http://www.ietf.org/rfc/rfc4211.txt RFC 4211] ''Certificate Request Message Format'' is more or less bound to CMP. This Version obsoletes [http://www.ietf.org/rfc/rfc2511.txt RFC 2511] and is used by RFC 4210
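Review bot: the new RFC 4210 entry contains the typo "obsolets" (should be "obsoletes"), and "New RFC says" would read better as "The new RFC says". In the RFC 4211 entry, "This Version" should be lower-case "version" and the sentence needs a closing period. The CMPtrans link points at a numbered draft (-05), so the label "Last IETF draft" will go stale once a later draft is published; consider naming the draft revision in the link text.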

Certificate Management Protocol (CMP)

CMP is a protocol for managing Public Key Infrastructures (PKI) based on X.509v3 certificates. Protocol messages are defined for certificate creation and management. It is used by commercial PKI products such as Entrust Security Manager and Unicert.

History

TODO:

Protocol dependencies

  • TCP: CMP can use TCP or HTTP as its transport protocol. The well-known TCP port for CMP traffic is 829.

Example traffic

TODO: Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

TODO:

Preference Settings

TODO:

Example capture file

  • attachment:SampleCaptures/cmp-trace.pcap.gz CMP certificate requests
  • attachment:SampleCaptures/cmp-in-http-with-errors-in-cmp-protocol.pcap.gz CMP version 2 encapsulated in HTTP on port 4711. Full "Initialization Request" and rejected "Key Update Request". There are some errors in the CMP packages.

Display Filter

A complete list of CMP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/c/cmp.html display filter reference].

  • Show only the CMP based traffic:
     cmp 

Capture Filter

You cannot filter on the CMP protocol directly while capturing. However, if you know the TCP port used (see above), you can filter on that port.

  • Capture only the CMP traffic over the default port (829):
     tcp port 829 
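
The capture filter above covers only the default port, while the second sample capture carries CMP in HTTP on port 4711. The shell helper below is an added example, not part of the original wiki page: `cmp_capture_filter` is a hypothetical function name that builds one capture filter for every port you know carries CMP, and the `read` mode assumes that forcing HTTP dissection on a non-standard port with tshark's `-d` option is enough for the `cmp` display filter to match.

```shell
#!/bin/sh
# Added example, not from the original wiki page.
# CMP cannot be named in a capture filter, so build a port-based filter
# for every TCP port known to carry it, then narrow with the display filter.

# cmp_capture_filter PORT...  ->  "tcp port A or tcp port B ..."
cmp_capture_filter() {
    filter=""
    for port in "$@"; do
        # Accept only plain decimal numbers: no empty value, no
        # non-digits, no leading zero, at most five digits.
        case "$port" in
            ''|*[!0-9]*|0*|??????*)
                echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        filter="${filter:+$filter or }tcp port $port"
    done
    [ -n "$filter" ] || { echo "no ports given" >&2; return 1; }
    printf '%s\n' "$filter"
}

# Usage (runs only when arguments are given and tshark is installed):
#   script live <interface> <port>...    capture on the listed ports
#   script read <file> [http_port]       show CMP in a saved capture
if [ "$#" -gt 0 ] && command -v tshark >/dev/null 2>&1; then
    mode=$1; shift
    case "$mode" in
        live)
            iface=$1; shift
            bpf=$(cmp_capture_filter "$@") || exit 1
            tshark -i "$iface" -f "$bpf" -Y cmp ;;
        read)
            file=$1; http_port=${2:-}
            if [ -n "$http_port" ]; then
                # Assumption: decode the non-standard port as HTTP so the
                # CMP payload inside it is reached by the dissector.
                tshark -r "$file" -d "tcp.port==$http_port,http" -Y cmp
            else
                tshark -r "$file" -Y cmp
            fi ;;
        *) echo "usage: $0 live <iface> <port>... | read <file> [http_port]" >&2
           exit 2 ;;
    esac
fi
```

For the sample captures listed above, `cmp_capture_filter 829 4711` yields `tcp port 829 or tcp port 4711`.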

Discussion

CMP (last edited 2013-02-16 10:47:51 by LTejas)