3.1 Example 1: Enrollment from a Standalone CA (Basic Enrollment)
This example demonstrates the Enroll for a certificate use case described in section 2.5.3.1.
The goal of this example is to enroll for a certificate. The simplest case of certificate enrollment is basic enrollment. In this example, the caller creates a PKCS#10 request by populating its fields as the caller chooses. The caller then uses an implementation that has a WCCE client component to submit the request to the WCCE server (the CA).
Basic enrollment consists of a single message exchange between the client and the server where a client sends a certificate request to a server, which then issues the requested certificate.
Initial System State and Prerequisites
The example that is described in this section applies under the following conditions:
The client implements the basic enrollment mode (in [MS-WCCE] section 3.1.1).
The server implements the standalone CA mode (in [MS-WCCE] section 3.2.1), and the standalone CA role is configured on the server to issue certificates.
Sequence
Figure 13: Basic enrollment
The message flow represented in the preceding figure is as follows:
The end entity, by using a WCCE client component, creates a PKCS#10 request and submits it to the CA, as specified in [MS-WCCE] section 3.1.1.4.3.1.1.
The CA responds by issuing a certificate, as specified in [MS-WCCE] section 3.2.1.4.2.1.4.1.1.
Final System State
The end entity has the issued certificate from the CA.
The CA-WCCE server stores the request fields in the Request table, as specified in [MS-WCCE] sections 3.2.1.4.2.1.4.4 and 3.2.1.4.2.1.4.5, along with the status of the certificate request and the end entity details.
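The exchange described above can be walked through with the built-in certreq.exe and certutil.exe tools as the enrollment client. This is an added example, not part of the original specification text; the subject name, CA configuration string, working directory, and requested key usage values are constructed placeholders.

```powershell
# Added example. Constructed placeholder values: subject, CA config string, paths.
$subject  = 'CN=host01.example.test'
$caConfig = 'ca01.example.test\Example Standalone CA'   # "<CA host>\<CA name>"
$work     = Join-Path $env:TEMP 'basic-enroll'
New-Item -ItemType Directory -Path $work -Force | Out-Null
# Clear stale output so certreq does not prompt to overwrite existing files.
Remove-Item "$work\request.req", "$work\issued.cer" -ErrorAction SilentlyContinue

# Basic enrollment: the caller chooses every field of the PKCS#10 request.
# No certificate template is named, because the target is a standalone CA.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "$subject"
KeyAlgorithm = RSA
KeyLength = 2048
Exportable = FALSE
MachineKeySet = FALSE
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.2
"@
Set-Content -Path "$work\request.inf" -Value $inf -Encoding Ascii

# Client side: generate the key pair and the signed PKCS#10 request.
certreq.exe -new "$work\request.inf" "$work\request.req"
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed ($LASTEXITCODE)" }

# Review the subject, key size and extensions that the CA will receive.
certutil.exe -dump "$work\request.req"

# The single message exchange: submit the request, receive the CA's response.
certreq.exe -submit -config $caConfig "$work\request.req" "$work\issued.cer"
if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed ($LASTEXITCODE)" }

if (Test-Path "$work\issued.cer") {
    # Final state: bind the issued certificate to the private key in the store.
    certreq.exe -accept "$work\issued.cer"
} else {
    # Assumption: a CA whose policy holds requests for approval returns no
    # certificate here; note the printed RequestId and retrieve it later.
    Write-Warning "No certificate returned. After approval, run: certreq -retrieve -config `"$caConfig`" <RequestId> issued.cer"
}
```

Because a standalone CA has no template to constrain the request, the `certutil -dump` output is the place to confirm that the subject and extensions are exactly what the caller intended before submission.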