CMPforOpenSSL, or short cmpossl, is an implementation of the Certificate Management Protocol (CMP) version 2, defined in RFC 4210, RFC 4211, and RFC 6712, which the updates defined in CMP Updates and the Lightweight CMP Profile (LCMPP), based on OpenSSL.

Since October 2025 this software is no more actively maintained.

The implementation covers all commonly used types of CMP messages. It supports:

         ir       [0]  CertReqMessages,        --Initialization Request
         ip       [1]  CertRepMessage,         --Initialization Response
         cr       [2]  CertReqMessages,        --Certification Request
         cp       [3]  CertRepMessage,         --Certification Response
         p10cr    [4]  CertificationRequest,   --imported from [PKCS10]

         kur      [7]  CertReqMessages,        --Key Update Request
         kup      [8]  CertRepMessage,         --Key Update Response

         rr       [11] RevReqContent,          --Revocation Request
         rp       [12] RevRepContent,          --Revocation Response

         pkiconf  [19] PKIConfirmContent,      --Confirmation

         genm     [21] GenMsgContent,          --General Message
         genp     [22] GenRepContent,          --General Response
         error    [23] ErrorMsgContent,        --Error Message
         certConf [24] CertConfirmContent,     --Certificate confirm
         pollReq  [25] PollReqContent,         --Polling request
         pollRep  [26] PollRepContent          --Polling response

Development of the core functionality has become part of the OpenSSL library.
There is meanwhile also a more high-level open-source library available, the genCMPClient.

• The repository was set up in early 2017 as a fork of OpenSSL 1.1.1-dev. It added a CMP client implementation consisting of an extension of the crypto library and a command-line interface (CLI) app. The goal was to contribute the implementation upstream to OpenSSL.
• In June 2020 the upstream integration with the OpenSSL master branch was finished, and it become part of the OpenSSL-3.0.0-alpha4 pre-release.
  OpenSSL 3.0 officially includes this CMP implementation and has been released in September 2021.

• A branch of this repository was used as an intermediate library for providing implementations of newer CMP features that were not yet part of older OpenSSL library versions. Since with the release of OpenSSL 3.5 in April 2025 all features of CMP added by CMP Updates and described in more detail in the Lightweight CMP Profile (LCMPP) have been made available in upstream OpenSSL, since October 2025 this software is no more actively maintained.