1.1.5 Basic Certificate Enrollment

The certificate enrollment is the process by which an end entity obtains the certificate from the certificate issuer. The following diagram shows the basic certificate enrollment process.

Basic certificate enrollment

Figure 1: Basic certificate enrollment

The individual steps are described as follows:

  1. The enrollment client generates a certificate request. The certificate request contains the public key of the key pair, along with any other information required by the certificate template or configured by the user. The certificate request is signed by the private key of the key pair and is sent by the enrollment client to the certificate issuer.

  2. The certificate issuer validates the certificate request and, if the request is valid, issues the requested certificate to the user; otherwise, it denies the request, or causes the request to be pending until a certificate manager manually approves or denies it.