What is the format of ss.dat file used by CMP 3gpp plug-in?
Originally Published: 2013-08-19
Article Number
Applies To
Certificate Management Protocol (CMP)
CMP over HTTP / HTTPS
Issue
Format of ss.dat (used by 3gpp.osa plugin)
4G / LTE network security
3GPP (3G Partnership Project)
3GPP TS 33.310 document
CMPv2 (RFC 4210)
Resolution
For RCM 6.9 build 554 (and later builds), ss.dat must include one or more blocks of entries, where each block starts with keyid tag. Each keyid tag must be followed by ALL directives, in the same sequence, as listed below.
NOTES:
- Do not include any comments (lines preceding with #)
- Do not comment out any of the directives in ss.dat
- You must provide a value for keyid, poprequired, domainid, and profile directives
- Any optional directives may be kept incomplete, for example, sharedsecret=
Here's a sample ss.dat contents (containing two keyid blocks) for use with CMP 3gpp plugin:
keyid=cn=testCA1
sharedsecret=
poprequired=true
domainid=449e2dbb4d058b11d7e7ce65fbc1ea591ea78748
profile=3
certdn=
trustedcadir=/opt/RSA_CM/CmpServer/conf/trustedca
ocsp_server_host=
ocsp_server_port=
use_vendorcert_cn=0
whitelist_file=
blacklist_file=
cntocheck=0
addcapubs=0
verifyVPKI=false
verifyUniqueSubject=1
keyid=interop
sharedsecret=interop
poprequired=false
domainid=449e2dbb4d058b11d7e7ce65fbc1ea591ea78748
profile=3
certdn=cn=Joe
trustedcadir=
ocsp_server_host=
ocsp_server_port=
use_vendorcert_cn=0
whitelist_file=/opt/RSA_CM/CmpServer/conf/whitelist.xml
blacklist_file=
cntocheck=0
addcapubs=0
verifyVPKI=false
verifyUniqueSubject=1
Notes
For more details on how to configure CMP 3gpp plug-in on RCM, review the following:
1. RSA Certificate Manager 6.9 Administrator's Guide, section 'Certificate Management Protocol', pages 267-279
2. RSA Certificate Manager 6.9 build 554 (or later) Readme
(Note that verifyVPKI and verifyUniqueSubject were introduced in RCM 6.9 build 555. For more details about these parameters, refer to RCM 6.9 build 555 or later Readme.)
Related Articles
upgrade adds geoip_SHORTRUN_1.dat Number of Views Certificate is issued with certdn value from CMP request rather than the one in ss.dat when CMP Server is configured with … Number of Views multiple services crashing on multiple servers and dat files be duplicated on storage locations Number of Views Explanation of the failover.dat file used by RSA Authentication Manager 8.x Number of Views entitlement server timeout and/or failover when performing a wildcard search in admingui Number of Views
Trending Articles
How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
