This module accepts a
form submission request
containing a PEM encoded PKCS10 X509 certificate request among further
Based on configuration, parameters can be passed from the incoming certificate sign request, optional form parameters, or explicit expressions, and a new certificate sign request with acceptable parameters is passed to suitably configured backend modules for request authorisation, certificate signing and issuing, and certificate storage.
The resulting certificate chain is returned by default as a DER
certificate. If the
header is given in the request and set
, the certificate chain is returned as a PEM encoded
PKCS7 certificate instead.
This module can be configured to respond to CertEnroll requests as supported by Microsoft Internet Explorer.