3.4.1.2 Certify the User

To access protected content, the user needs a RAC that corresponds to the user's account. After performing any necessary service discovery, the client uses the Certify request to acquire a RAC. The server issues an asymmetric encryption key pair and identifies the user account in RMS. The client has to have a valid security processor certificate (SPC) before calling the Certify request. Full details of client certification can be found in [MS-RMPR] section 3.3.4.1.