000017025 - What is the format of ss.dat file used by CMP 3gpp plug-in?

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000017025
Applies To: RSA Certificate Manager 6.9
Certificate Management Protocol (CMP)
CMP over HTTP / HTTPS
Issue: What is the format of ss.dat file used by CMP 3gpp plug-in?
Format of ss.dat (used by 3gpp.osa plugin)
4G / LTE network security
3GPP (3G Partnership Project)
3GPP TS 33.310 document
CMPv2 (RFC 4210)
Resolution: The CMP 3gpp plug-in (when configured with RCM CMP Server) uses the file RSA_CM/CmpServer/conf/ss.dat to authenticate CMP client requests.
For RCM 6.9 build 554 (and later builds), ss.dat must include one or more blocks of entries, where each block starts with a keyid tag. Each keyid tag must be followed by ALL directives, in the same sequence, as listed below.
NOTES:
  - Do not include any comments (lines beginning with #)
  - Do not comment out any of the directives in ss.dat
  - You must provide a value for keyid, poprequired, domainid, and profile directives
  - Any optional directive may be left without a value, for example, sharedsecret=
Here is a sample of ss.dat contents (containing two keyid blocks) for use with the CMP 3gpp plug-in:
keyid=cn=testCA1
sharedsecret=
poprequired=true
domainid=449e2dbb4d058b11d7e7ce65fbc1ea591ea78748
profile=3
certdn=
trustedcadir=/opt/RSA_CM/CmpServer/conf/trustedca
ocsp_server_host=
ocsp_server_port=
use_vendorcert_cn=0
whitelist_file=
blacklist_file=
cntocheck=0
addcapubs=0
verifyVPKI=false
verifyUniqueSubject=1
keyid=interop
sharedsecret=interop
poprequired=false
domainid=449e2dbb4d058b11d7e7ce65fbc1ea591ea78748
profile=3
certdn=cn=Joe
trustedcadir=
ocsp_server_host=
ocsp_server_port=
use_vendorcert_cn=0
whitelist_file=/opt/RSA_CM/CmpServer/conf/whitelist.xml
blacklist_file=
cntocheck=0
addcapubs=0
verifyVPKI=false
verifyUniqueSubject=1
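The rules above (every block starts with keyid, all directives present in the same sequence, no comment lines, values required for keyid, poprequired, domainid and profile) can be checked before the file is deployed. The following is an added example, not RSA code: the function name and sample values are constructed, the directive order is taken from the sample above (build 555 or later layout), and ignoring blank lines is an assumption.

```python
# Added example: structural check for ss.dat, based on the rules in this article.
# Directive order follows the article's sample (RCM 6.9 build 555+ layout).
DIRECTIVES = [
    "keyid", "sharedsecret", "poprequired", "domainid", "profile", "certdn",
    "trustedcadir", "ocsp_server_host", "ocsp_server_port", "use_vendorcert_cn",
    "whitelist_file", "blacklist_file", "cntocheck", "addcapubs",
    "verifyVPKI", "verifyUniqueSubject",
]
REQUIRED_VALUES = {"keyid", "poprequired", "domainid", "profile"}


def validate_ss_dat(text):
    """Return (line_number, message) problems; an empty list means the file passed."""
    problems, pos, lineno, blocks = [], 0, 0, 0  # pos: next expected directive
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # assumption: blank lines are tolerated by this checker
        if line.startswith("#"):
            problems.append((lineno, "comment line not allowed"))
            continue
        name, sep, value = line.partition("=")  # split on the first '=' only
        if not sep or name not in DIRECTIVES:
            problems.append((lineno, f"unrecognised line: {line!r}"))
            continue
        if name != DIRECTIVES[pos]:
            problems.append((lineno, f"expected {DIRECTIVES[pos]}, found {name}"))
            pos = DIRECTIVES.index(name)  # resynchronise on the directive seen
        if name in REQUIRED_VALUES and not value:
            problems.append((lineno, f"{name} must have a value"))
        if name == "keyid":
            blocks += 1
        pos = (pos + 1) % len(DIRECTIVES)
    if pos != 0:
        problems.append((lineno, f"last block ends before {DIRECTIVES[pos]}"))
    if blocks == 0:
        problems.append((0, "no keyid block found"))
    return problems


# Constructed sample block (values are placeholders, not from a real deployment).
SAMPLE_OK = "\n".join(f"{d}={v}" for d, v in zip(DIRECTIVES, [
    "cn=exampleCA", "", "true", "PLACEHOLDER_DOMAIN_ID", "3", "", "", "", "",
    "0", "", "", "0", "0", "false", "1"]))
# Constructed bad variant: comment line, empty poprequired, last directive missing.
SAMPLE_BAD = "# test entry\n" + SAMPLE_OK.replace(
    "poprequired=true", "poprequired=").rsplit("\n", 1)[0]

if __name__ == "__main__":
    for n, msg in validate_ss_dat(SAMPLE_BAD):
        print(f"line {n}: {msg}")
```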
Notes: RSA Certificate Manager 6.9 build 554 (and later builds) supports generation of certificates for eNodeBs and SEGs through CMP v2 (over HTTP/HTTPS) using the CMP 3gpp plug-in (RSA_CM/CmpServer/osa/3gpp.osa).
For more details on how to configure CMP 3gpp plug-in on RCM, review the following:
1. RSA Certificate Manager 6.9 Administrator's Guide, section 'Certificate Management Protocol', pages 267-279
2. RSA Certificate Manager 6.9 build 554 (or later) Readme
(Note that verifyVPKI and verifyUniqueSubject were introduced in RCM 6.9 build 555.  For more details about these parameters, refer to RCM 6.9 build 555 or later Readme.)
Legacy Article ID: a62269
