2020-03-25 2020-11-06 Specification Required Peter Gutmann 0 Reserved 1-2 Unassigned 3 CertRep Response to certificate or CRL request. 4-16 Unassigned 17 RenewalReq PKCS #10 certificate request authenticated with an existing certificate. 18 Unassigned 19 PKCSReq PKCS #10 certificate request authenticated with a shared secret. 20 CertPoll Certificate polling in manual enrolment. 21 GetCert Retrieve a certificate. 22 GetCRL Retrieve a CRL. 23-255 Unassigned IETF Review AES CA supports the AES128-CBC encryption algorithm. DES3 CA supports the triple DES-CBC encryption algorithm. GetNextCACert CA supports the GetNextCACert message. POSTPKIOperation CA supports PKIOPeration messages sent via HTTP POST. Renewal CA supports the Renewal CA operation. SHA-1 CA supports the SHA-1 hashing algorithm. SHA-256 CA supports the SHA-256 hashing algorithm. SHA-512 CA supports the SHA-512 hashing algorithm. SCEPStandard CA supports all mandatory-to-implement sections of the SCEP standard. This keyword implies "AES", "POSTPKIOperation", and "SHA-256", as well as the provisions of Section 2.9 of .