Certificate Enrollment

A CA is a fussily bureaucratic beast. It will not issue certificates to just anyone. A client must submit its certificate request in a special format so that its identity can be quickly and reliably verified before its public key can be incorporated into a signed certificate. This process is called enrollment.

The most popular format for submitting enrollment requests is the PKCS #10 Certification Request. See RFC 2986, “PKCS #10: Certification Request Syntax Version 1.7,” for details about the contents of the request. (Documentation is also available at the RSA web site, www.rsalabs.com.) A PKCS #10 certificate request contains the following information:

  • Client's public key. This is the key the client wants the CA to ...

Get Inside Windows® Server 2003 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.