14.2. Usage and Output
The entire purpose of CMCResponse is to parse a CMC response. As explained in Chapter 12, CMCRequest (Creating CMC Requests), a CMC request is generated and then submitted to a CMC profile which returns a response in the CMC format. In one common use case, a tool like HttpClient is used to submit a request and then retrieve the response. That response is sent to CMCResponse to parse.
The first step is to create the .cfg file which will be used by HttpClient to submit the request.
#host: host name for the http server
host=server.example.com

#port: port number
port=9444

#secure: true for secure connection, false for nonsecure connection
secure=true

#input: full path for the enrollment request, the content must be in binary format
input=/tmp/cfu/cmcReq.myCMC

#output: full path for the response in binary format
output=/tmp/cfu/cmcResponse.myCMC

#dbdir: directory for cert8.db, key3.db and secmod.db
#This parameter will be ignored if secure=false
dbdir=/tmp/cfu

#clientmode: true for client authentication, false for no client authentication
#This parameter will be ignored if secure=false
clientmode=false

#password: password for cert8.db
#This parameter will be ignored if secure=false and clientauth=false
password=netscape

#nickname: nickname for client certificate
#This parameter will be ignored if clientmode=false
nickname=

#servlet: servlet name
servlet=/ca/ee/ca/profileSubmitCMCFull
That configuration file is then passed to HttpClient, which receives the binary CMC response.
# HttpClient HttpClient.cfg

Total number of bytes read = 2667
handshake happened
Total number of bytes read = 2287
[Base64-encoded CMC response omitted]

The response in binary format is stored in /tmp/jsmith/cmcResponse.myCMC
The last part of the HttpClient response shows where the CMC response file is located, and that file can be used by CMCResponse. When CMCResponse parses the file, it shows the pretty-print version of the response.
# CMCResponse -d . -i cmcResponse.myCMC

Certificates:
    Certificate:
        Data:
            Version: v3
            Serial Number: 0x1A
            Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
            Issuer: CN=Certificate Authority,OU=pki-ca,O=SjcRedhat Domain 0124
            Validity:
                Not Before: Tuesday, March 8, 2011 8:41:30 AM PST America/Los_Angeles
                Not After: Sunday, September 4, 2011 9:41:30 AM PDT America/Los_Angeles
            Subject: CN=x
            Subject Public Key Info:
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key:
                    Exponent: 65537
                    Public Key Modulus: (1024 bits) :
                        E1:65:C4:84:14:8D:EF:62:A3:56:1E:C1:C8:1F:F0:43:
                        AD:C5:47:2E:E1:CD:BA:27:EE:48:4D:1F:83:28:AB:34:
                        0C:08:EC:8C:15:45:E0:7F:23:66:F5:35:64:B2:AA:1D:
                        BE:F4:F6:08:15:E4:9C:56:35:EF:87:BA:7D:19:4E:C6:
                        98:B2:F8:A7:E4:DD:A7:1D:D8:0F:52:55:AE:E9:9B:9F:
                        A5:B6:B8:6B:CC:7F:C5:20:37:1F:0E:C4:58:24:B8:AC:
                        B7:67:DA:21:77:7D:31:A1:38:BF:84:42:A8:0C:AC:54:
                        5C:DE:81:63:DD:D4:3F:02:8B:43:B1:69:A3:D4:43:BD
            Extensions:
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no
                    Key Identifier:
                        D7:40:65:BA:46:22:D2:7D:63:1E:A0:C8:BF:0B:AD:FC:
                        0D:2A:74:7B
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no
                    Value:
                        30:34:30:32:06:08:2B:06:01:05:05:07:30:01:86:26:
                        68:74:74:70:3A:2F:2F:70:61:77:2E:73:6A:63:2E:72:
                        65:64:68:61:74:2E:63:6F:6D:3A:39:31:38:30:2F:63:
                        61:2F:6F:63:73:70
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes
                    Key Usage:
                        Digital Signature
                        Non Repudiation
                        Key Encipherment
                Identifier: Extended Key Usage: - 2.5.29.37
                    Critical: no
                    Extended Key Usage:
                        1.3.6.1.5.5.7.3.2
                        1.3.6.1.5.5.7.3.4
        Signature:
            Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
            Signature:
                [...]
        FingerPrint
    Certificate:
        Data:
            Version: v3
            Serial Number: 0x1
            Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
            Issuer: CN=Certificate Authority,OU=pki-ca,O=SjcRedhat Domain 0124
            Validity:
                Not Before: Monday, January 24, 2011 3:56:12 PM PST America/Los_Angeles
                Not After: Thursday, January 24, 2019 3:56:12 PM PST America/Los_Angeles
            Subject: CN=Certificate Authority,OU=pki-ca,O=SjcRedhat Domain 0124
            Subject Public Key Info:
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key:
                    Exponent: 65537
                    Public Key Modulus: (2048 bits) :
                        [...]
            Extensions:
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no
                    Key Identifier:
                        D7:40:65:BA:46:22:D2:7D:63:1E:A0:C8:BF:0B:AD:FC:
                        0D:2A:74:7B
                Identifier: Basic Constraints - 2.5.29.19
                    Critical: yes
                    Is CA: yes
                    Path Length Constraint: UNLIMITED
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes
                    Key Usage:
                        Digital Signature
                        Non Repudiation
                        Key CertSign
                        Crl Sign
                Identifier: Subject Key Identifier - 2.5.29.14
                    Critical: no
                    Key Identifier:
                        D7:40:65:BA:46:22:D2:7D:63:1E:A0:C8:BF:0B:AD:FC:
                        0D:2A:74:7B
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no
                    Value:
                        30:34:30:32:06:08:2B:06:01:05:05:07:30:01:86:26:
                        68:74:74:70:3A:2F:2F:70:61:77:2E:73:6A:63:2E:72:
                        65:64:68:61:74:2E:63:6F:6D:3A:39:31:38:30:2F:63:
                        61:2F:6F:63:73:70
        Signature:
            Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
            Signature:
                [...]
        FingerPrint

Number of controls is 1
Control #0: CMCStatusInfo
   OID: {1 3 6 1 5 5 7 7 1}
   BodyList: 4164110943
   Status: SUCCESS
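When the CMCResponse output feeds an automated enrollment step, the status control and the issued key sizes are worth checking before a certificate is installed. The following is an added example, not part of the original guide or of Certificate System: it parses the pretty-print text using the field labels seen in the output above. The function names and the 2048-bit threshold are assumptions, and SAMPLE is a constructed, abridged copy of that output.

```python
import re
# Constructed sample: abridged from the CMCResponse output shown above.
SAMPLE = """\
Certificates:
    Certificate:
            Serial Number: 0x1A
            Subject: CN=x
            Subject Public Key Info:
                    Public Key Modulus: (1024 bits) :
    Certificate:
            Serial Number: 0x1
            Subject: CN=Certificate Authority,OU=pki-ca,O=SjcRedhat Domain 0124
                    Public Key Modulus: (2048 bits) :
Control #0: CMCStatusInfo
   Status: SUCCESS
"""

FIELDS = {  # field name -> pattern, matched against each stripped line
    "serial": re.compile(r"Serial Number:\s*(\S+)"),
    "subject": re.compile(r"Subject:\s*(.+)"),  # not "Subject Public Key Info:"
    "key_bits": re.compile(r"Public Key Modulus:\s*\((\d+) bits\)"),
}

def parse_cmc_response(text):
    """Return (certs, statuses) parsed from CMCResponse pretty-print text."""
    certs, statuses = [], []
    for line in map(str.strip, text.splitlines()):
        if line == "Certificate:":          # start of a new certificate block
            certs.append({"key_bits": "0"})
        elif line.startswith("Status:"):    # CMCStatusInfo control result
            statuses.append(line.split(":", 1)[1].strip())
        elif certs:
            for name, rx in FIELDS.items():
                m = rx.match(line)
                if m:
                    certs[-1][name] = m.group(1).strip()
    return certs, statuses

def review(text, min_rsa_bits=2048):
    """Return findings; an empty list means every check passed."""
    certs, statuses = parse_cmc_response(text)
    findings = []
    # A missing status control is treated the same as a failure.
    if not statuses or any(s != "SUCCESS" for s in statuses):
        findings.append("status not SUCCESS: %s" % (statuses or "missing"))
    for c in certs:
        if int(c["key_bits"]) < min_rsa_bits:
            findings.append("serial %s: %s-bit key" % (c.get("serial"), c["key_bits"]))
    return findings
```

Run against the sample, review() reports the 1024-bit end-entity key (serial 0x1A) and nothing else, because the status control is SUCCESS and the CA key is 2048 bits.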