1.1.5 Basic Certificate Enrollment
Figure 1: Basic certificate enrollment
The individual steps are described as follows:
The enrollment client generates a certificate request. The certificate request contains the public key of the key pair, along with any other information required by the certificate template or configured by the user. The certificate request is signed by the private key of the key pair and is sent by the enrollment client to the certificate issuer.
The certificate issuer validates the certificate request and, if the request is valid, issues the requested certificate to the user; otherwise, it denies the request, or causes the request to be pending until a certificate manager manually approves or denies it.