CMP for OpenSSL

Due to some technical difficulties, this website was down over the past few days. It will need some more days until it will be fully operational again.

SVN is working again. Please note that the URL has changed to http://svn.izac.de/cmp

The Public CMP CA testserver will be online again, soon!

Please excuse the inconvenience!

CMP for OpenSSL is an implementation of the Certificate Management Protocol (CMP) version 2, defined in RFC 4210, as an extension to OpenSSL. Since it is associated to CMP, the Certificate Request Message Format (CRMF), defined in RFC 4211, is also handled.

While it is already possible to use this software for basic operation, development is still at an early stage. Expect it to be neiter in a "100% ready to be delivered to your customers" state, nor the API to be completely stable! There is still some work to be done. Keep an eye on this website to stay up-to-date!

This CMP realisation sticks to the RFC definitions by default. A flag can be set to adjust to CA implementations not complying with the standard. The long term goal is to have a full featured, RFC conforming client, able to interact with any available CMP capable CA. So far, it is possible to obtain and update X509 certificates utilizing the Cryptlib CA and to obtain certificates from the Insta Certifier. Other compatibility is work in progress.

The complete source can by downloaded through SVN. The package contains the OpenSSL extension and a client implementation using it. The source for a rudimentary CA based on Cryptlib is also included. Please consider the respective licenses of all included software!

A public CA is available for convenient evaluation of this CMPv2 implementation.

Please let me know if you want to contribute or need any help.