3.1 Example 1: Enrollment from a Standalone CA (Basic Enrollment)

This example demonstrates the Enroll for a certificate use case described in section

The goal of this example is to enroll for a certificate. The simplest case of certificate enrollment is basic enrollment. In this example, the caller creates a PKCS#10 request by populating its fields as the caller chooses. The caller then uses an implementation that has a WCCE client component to submit the request to the WCCE server (the CA).

Basic enrollment consists of a single message exchange between the client and the server where a client sends a certificate request to a server, which then issues the requested certificate.

Initial System State and Prerequisites

The example that is described in this section applies under the following conditions:

  • The client implements the basic enrollment mode (in [MS-WCCE] section 3.1.1).

  • The server implements the standalone CA mode (in [MS-WCCE] section 3.2.1) and the standalone CA role that is configured on the server to issue the certificates.


Basic enrollment

Figure 13: Basic enrollment

The message flow represented in the preceding figure is as follows:

  1. The end entity, by using a WCCE client component, creates a PKCS#10 request and submits it to the CA, as specified in [MS-WCCE] section

  2. The CA responds by issuing a certificate, as specified in [MS-WCCE] section

Final System state

  • The end entity has the issued certificate from CA.

  • The CA-WCCE server stores the request fields in the Request table, as specified in [MS-WCCE] sections and, along with the status of the certificate request and the end entity details.