What is the format of ss.dat file used by CMP 3gpp plug-in?
Originally Published: 2013-08-19
Article Number
Applies To
Certificate Management Protocol (CMP)
CMP over HTTP / HTTPS
Issue
Format of ss.dat (used by 3gpp.osa plugin)
4G / LTE network security
3GPP (3G Partnership Project)
3GPP TS 33.310 document
CMPv2 (RFC 4210)
Resolution
For RCM 6.9 build 554 (and later builds), ss.dat must include one or more blocks of entries, where each block starts with keyid tag. Each keyid tag must be followed by ALL directives, in the same sequence, as listed below.
NOTES:
- Do not include any comments (lines preceding with #)
- Do not comment out any of the directives in ss.dat
- You must provide a value for keyid, poprequired, domainid, and profile directives
- Any optional directives may be kept incomplete, for example, sharedsecret=
Here's a sample ss.dat contents (containing two keyid blocks) for use with CMP 3gpp plugin:
keyid=cn=testCA1
sharedsecret=
poprequired=true
domainid=449e2dbb4d058b11d7e7ce65fbc1ea591ea78748
profile=3
certdn=
trustedcadir=/opt/RSA_CM/CmpServer/conf/trustedca
ocsp_server_host=
ocsp_server_port=
use_vendorcert_cn=0
whitelist_file=
blacklist_file=
cntocheck=0
addcapubs=0
verifyVPKI=false
verifyUniqueSubject=1
keyid=interop
sharedsecret=interop
poprequired=false
domainid=449e2dbb4d058b11d7e7ce65fbc1ea591ea78748
profile=3
certdn=cn=Joe
trustedcadir=
ocsp_server_host=
ocsp_server_port=
use_vendorcert_cn=0
whitelist_file=/opt/RSA_CM/CmpServer/conf/whitelist.xml
blacklist_file=
cntocheck=0
addcapubs=0
verifyVPKI=false
verifyUniqueSubject=1
Notes
For more details on how to configure CMP 3gpp plug-in on RCM, review the following:
1. RSA Certificate Manager 6.9 Administrator's Guide, section 'Certificate Management Protocol', pages 267-279
2. RSA Certificate Manager 6.9 build 554 (or later) Readme
(Note that verifyVPKI and verifyUniqueSubject were introduced in RCM 6.9 build 555. For more details about these parameters, refer to RCM 6.9 build 555 or later Readme.)
Related Articles
Certificate is issued with certdn value from CMP request rather than the one in ss.dat when CMP Server is configured with … Number of Views upgrade adds geoip_SHORTRUN_1.dat Number of Views multiple services crashing on multiple servers and dat files be duplicated on storage locations Number of Views Explanation of the failover.dat file used by RSA Authentication Manager 8.x Number of Views entitlement server timeout and/or failover when performing a wildcard search in admingui Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
Don't see what you're looking for?
