RFC 9810 · PROPOSED STANDARD · 2025 SUN · 14 JUN 2026

Internet X.509 Public Key Infrastructure -- Certificate Management Protocol

By H. Brockhaus, D. von Oheimb, M. Ounsworth, J. Gray · Published July 2025 · DOI 10.17487/RFC9810

Overview

RFC 9810, “Internet X.509 Public Key Infrastructure -- Certificate Management Protocol”, is a Proposed Standard document published in July 2025 by H. Brockhaus, D. von Oheimb, M. Ounsworth, J. Gray. It updates RFC 5912. It obsoletes RFC 4210, RFC 9480. The canonical text is published by the RFC Editor.

Abstract

This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocol (CMP). Protocol messages are defined for X.509v3 certificate creation and management. CMP provides interactions between client systems and PKI components such as a Registration Authority (RA) and a Certification Authority (CA).

This document adds support for management of certificates containing a Key Encapsulation Mechanism (KEM) public key and uses EnvelopedData instead of EncryptedValue. This document also includes the updates specified in Section 2 and Appendix A.2 of RFC 9480.

This document obsoletes RFC 4210, and together with RFC 9811, it also obsoletes RFC 9480. Appendix F of this document updates Section 9 of RFC 5912.

Abstract as published in the RFC, via rfc-editor.org.

What “Proposed Standard” means

An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.

Read this RFC

The canonical text of RFC 9810 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.

Read on rfc-editor.org Plain text › HTML › IETF Datatracker › DOI link ›

Relationships to other RFCs

This RFC obsoletes: RFC 4210 RFC 9480
This RFC updates: RFC 5912

Other RFCs from 2025

Abstract

What “Proposed Standard” means

Who Is Online