3.1 Example 1: Enrollment from a Standalone CA (Basic Enrollment)

This example demonstrates the Enroll for a certificate use case described in section 2.5.3.1.

The goal of this example is to enroll for a certificate. The simplest case of certificate enrollment is basic enrollment. In this example, the caller creates a PKCS#10 request by populating its fields as the caller chooses. The caller then uses an implementation that has a WCCE client component to submit the request to the WCCE server (the CA).

Basic enrollment consists of a single message exchange between the client and the server where a client sends a certificate request to a server, which then issues the requested certificate.

Initial System State and Prerequisites

The example that is described in this section applies under the following conditions:

  • The client implements the basic enrollment mode (in [MS-WCCE] section 3.1.1).

  • The server implements the standalone CA mode (in [MS-WCCE] section 3.2.1), and the standalone CA role is configured on the server to issue certificates.

Sequence

Figure 13: Basic enrollment

The message flow represented in the preceding figure is as follows:

  1. The end entity, by using a WCCE client component, creates a PKCS#10 request and submits it to the CA, as specified in [MS-WCCE] section 3.1.1.4.3.1.1.

  2. The CA responds by issuing a certificate, as specified in [MS-WCCE] section 3.2.1.4.2.1.4.1.1.

Final System State

  • The end entity has the certificate issued by the CA.

  • The CA (the WCCE server) stores the request fields in the Request table, as specified in [MS-WCCE] sections 3.2.1.4.2.1.4.4 and 3.2.1.4.2.1.4.5, along with the status of the certificate request and the end entity details.
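The following PowerShell script is an added example, not part of the protocol overview or any Microsoft sample. It walks the two-message exchange above (steps 1 and 2) and then checks the final state on both sides, using certreq.exe and certutil.exe, which are the Windows tools that carry a WCCE client. The CA config string ("CAHost\CAName"), the subject name, the DNS name and the certutil column names are assumptions; replace them for your environment. Running it needs local administrator rights, because the key is created in the machine store.

```powershell
# Added example (not from the protocol overview): basic enrollment from a standalone CA
# with certreq.exe, which carries the WCCE client on Windows. Placeholders are assumptions.
param(
    [string]$CAConfig    = 'ca01.corp.example\Example-Standalone-CA',   # assumption: "CAHost\CAName"
    [string]$SubjectName = 'CN=web01.corp.example',                     # assumption
    [string]$DnsName     = 'web01.corp.example',                        # assumption
    [string]$WorkDir     = (Join-Path $env:TEMP 'basic-enroll')
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$infPath = Join-Path $WorkDir 'request.inf'
$reqPath = Join-Path $WorkDir 'request.req'
$cerPath = Join-Path $WorkDir 'issued.cer'

# Step 1 ([MS-WCCE] 3.1.1.4.3.1.1): the caller chooses the PKCS#10 fields. certreq -new
# generates the key pair locally and self-signs the request; with Exportable = FALSE the
# private key never leaves this machine, which is the property you want from basic enrollment.
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "$SubjectName"
RequestType = PKCS10
KeyAlgorithm = RSA
KeyLength = 2048
HashAlgorithm = sha256
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft Software Key Storage Provider"
KeyUsage = 0xA0   ; digitalSignature | keyEncipherment

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1   ; serverAuth

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$DnsName&"
"@ | Set-Content -Path $infPath -Encoding ASCII

& certreq.exe -new -q $infPath $reqPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# Step 2 ([MS-WCCE] 3.2.1.4.2.1.4.1.1): submit the request over WCCE to the CA named in the
# config string. A standalone CA that is not configured to auto-issue parks the request as
# pending, so the script keys off the output text rather than the exit code (assumption:
# the "RequestId:" and "pending" strings are what certreq prints on current Windows versions).
$submitOut = (& certreq.exe -submit -q -config $CAConfig $reqPath $cerPath 2>&1) -join "`n"
if ($submitOut -notmatch 'RequestId:\s*(\d+)') { throw "CA did not return a request ID:`n$submitOut" }
$requestId = [int]$Matches[1]

if ($submitOut -match 'pending') {
    Write-Warning "Request $requestId is pending on $CAConfig. After the CA administrator issues it, run:"
    Write-Warning "  certreq -retrieve -q -config `"$CAConfig`" $requestId `"$cerPath`"; certreq -accept -q `"$cerPath`""
    return
}

# Final state, client side: bind the issued certificate to the key in the machine store.
# certreq -accept fails if no matching private key exists, which is the check you want.
& certreq.exe -accept -q $cerPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed with exit code $LASTEXITCODE" }

$issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
$installed = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $issued.Thumbprint
if (-not $installed -or -not $installed.HasPrivateKey) { throw 'Issued certificate is not installed with its private key' }
if ($issued.Subject -ne $SubjectName) { throw "CA rewrote the subject: $($issued.Subject)" }
$san = $issued.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $san -or $san.Format($false) -notmatch [regex]::Escape($DnsName)) { throw 'Issued certificate lacks the requested DNS SAN' }
Write-Host "Issued request $requestId as $($issued.Thumbprint), valid until $($issued.NotAfter)"

# Final state, CA side: the Request table row for this request ([MS-WCCE] 3.2.1.4.2.1.4.4 and
# 3.2.1.4.2.1.4.5). certutil -view reads it over DCOM; the column list is an assumption, check
# the names with "certutil -config <CAConfig> -schema" if the CA rejects them.
& certutil.exe -config $CAConfig -view -restrict "RequestID=$requestId" -out 'RequestID,RequesterName,Disposition'
```

Two things to watch when running this against a real standalone CA: the requester identity the CA records in the Request table is the Windows account that called certreq, so run it as the identity you expect to see in RequesterName; and the CA's policy module, not the client, decides whether the requested subject and extensions survive, which is why the script compares the issued certificate against what was asked for instead of trusting the "Issued" disposition alone.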