Certificate Enrollment Protocols:
- EST – Enrollment over Secure Transport, RFC 7030
- EST-coaps – EST over coaps, IETF draft
- ACME – Automatic Certificate Management Environment, RFC 8555
- SCEP - Simple Certificate Enrollment Protocol, draft-nourse-scep-23
- CMP - Certificate Management Protocol, RFC 4210, RFC 421
- CMC - Certificate Management over CMS, RFC 5273
- X.509/RFC 3280/RFC 5280/RFC 6818 certificates, configurable profiles.
Algorithms and key types:
- CA signatures: RSA, RSASSA-PSS, DSA
Key lengths as supported by HSM (e.g. RSA 1024 - 16384 bit). Algorithms: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512, RipeMD-160.
- CA signatures: EC, Prime field based ECDSA algorithms with named curves as supported by HSM, hash functions as above.
- End user keys: RSA, 1024-4096 bits (soft tokens and on smart card/token type).
- End user keys: EC, Prime field based ECDSA algorithms with arbitrary curve parameters (only on smart cards). Certificates for ECDSA keys can be requested only via CM SDK.