3.1.5.2 Processing A SignCert Response Message

Upon receiving the SignCert Response message (section 2.2.3), the client MUST send an enrollment request to the  Certification Authority (CA) server using the signed certificate request, and MUST store the certificate issued by the CA using a key storage provider (KSP) to be used by the upper layer for authentication, thus enabling connectivity to the corporate resources.

If the statusCode attribute does not equal Success, the client fails the operation. The client MAY<3> display an error message to the user indicating that the operation failed.