A certificate policy describes the measures taken to validate a certificate’s subject prior to certificate issuance and the intended purposes of the certificate. For many organizations, it is the certificate-issuance policy that determines whether the presented certificate will be trusted.
For example, an organization is more likely to trust a certificate issued after a requestor presents photo identification than a certificate issued based on a user knowing an account and password combination.
A certificate policy should include the following information:
How the user’s identity is validated during certificate enrollment. Is identity provided by an account and password combination or must requestors ...