You can restrict access to the CMPv2 Service so that it accepts requests only from permitted CMPv2 clients. The restriction is defined in a permitted senders file.
The permitted senders file must contain a list of fully qualified domain names (FQDNs) or IP addresses of clients that are permitted to send CMPv2 requests. Host names in an FQDN must contain only ASCII letters (A to Z, a to z), numbers (0 to 9), and hyphens.
You can specify the permitted senders file when configuring Certificate Enrollment Gateway for CMPv2 enrollment.
To configure a permitted senders file
- Create a new file or open an existing permitted senders file in a text editor.
In the file, enter a list of fully qualified domain names (FQDNs) or IP addresses of hosts permitted to send CMPv2 requests. Each line must contain exactly one entry, either an IP address or an FQDN. For example:
domain1.example.com
domain2.example.com
domain3.example.com
192.0.2.0
192.0.2.1
192.0.2.2
- Save and close the file.
- Configure the CMPv2 protocol to use the permitted senders file (see Configuring Certificate Enrollment Gateway for CMPv2 enrollment).
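The following is an added example, not code from the original page or from the Certificate Enrollment Gateway product: a small checker that validates a permitted senders file against the format described above (one entry per line, each either an IP address or an FQDN whose host-name labels contain only ASCII letters, digits and hyphens). Its rejection of a leading or trailing hyphen in a label, of an all-numeric final label (which catches a truncated IP address such as 192.0 being mistaken for a host name), of single-label names that are not fully qualified, and of blank lines are added checks based on RFC 1123 host-name conventions and a strict reading of the page, not behaviour the gateway is documented to have. The sample file content is constructed for the example.

```python
import ipaddress
import re

# One DNS label: ASCII letters, digits and hyphens only, which is the
# character set the page specifies. Disallowing a leading/trailing hyphen
# follows RFC 952/1123 host-name rules and is an added check.
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")

# Constructed sample file content; lines 7-10 are deliberately invalid.
SAMPLE = """domain1.example.com
domain2.example.com
domain3.example.com
192.0.2.0
192.0.2.1
2001:db8::10
192.0
host_1.example.com

cmp-client
cmp-client.example.com
"""


def classify_entry(entry):
    """Return 'ip' or 'fqdn' for a valid entry, else raise ValueError."""
    if not entry:
        raise ValueError("blank line; each line must hold one IP address or FQDN")
    if any(ch.isspace() for ch in entry):
        raise ValueError("whitespace inside entry; one address or name per line")

    # IPv4 or IPv6 literal. ip_address() rejects partial forms such as '192.0'.
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass

    # Otherwise it has to be a fully qualified host name.
    if len(entry) > 253:
        raise ValueError("FQDN longer than 253 characters")
    labels = entry.split(".")
    if len(labels) < 2:
        raise ValueError("not fully qualified; a host name needs at least two labels")
    if labels[-1].isdigit():
        # Added check: an all-numeric final label is not a valid TLD and is
        # almost always a mistyped or truncated IP address.
        raise ValueError("final label is all digits; looks like a malformed IP address")
    for label in labels:
        if len(label) > 63:
            raise ValueError(f"label {label!r} longer than 63 characters")
        if not _LABEL.match(label):
            raise ValueError(
                f"label {label!r} must contain only ASCII letters, digits and hyphens"
            )
    return "fqdn"


def validate_permitted_senders(text):
    """Check every line of a permitted senders file.

    Returns (accepted, errors): accepted is a list of (kind, entry) tuples,
    errors a list of (line_number, raw_line, reason) tuples.
    """
    accepted, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        try:
            kind = classify_entry(entry)
        except ValueError as exc:
            errors.append((lineno, raw, str(exc)))
            continue
        accepted.append((kind, entry))
    return accepted, errors


def check_file(path):
    """Validate a permitted senders file on disk; same return value as above."""
    with open(path, encoding="ascii") as fh:
        return validate_permitted_senders(fh.read())


if __name__ == "__main__":
    accepted, errors = validate_permitted_senders(SAMPLE)
    for kind, entry in accepted:
        print(f"ok    {kind:4} {entry}")
    for lineno, raw, reason in errors:
        print(f"ERROR line {lineno}: {raw!r}: {reason}")
```

Run the checker over the real file with check_file("/path/to/permitted_senders.txt") before pointing the CMPv2 configuration at it; an entry that the gateway cannot parse as an address or host name will not match any client, so the mistake surfaces as an enrollment failure rather than at configuration time.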