SR OS X.509v3 certificate support

SR OS PKI implementation supports the following features:

• Supported public key algorithm: RSA/DSA/ECDSA:

• Certificate enrollment includes:

  • Locally generated RSA/DSA/ECDSA key

  • Off-line enrollment via PKCS#10

  • On-line enrollment via Certificate Management Protocol version 2 (CMPv2)

  • On-line enrollment via Enrollment over Secure Transport Protocol (EST)

• Support CA chain

• Certificate revocation check:

  • CRL for both EE (End Entity) and CA certificate

  • OCSP for EE certificate only