Processing certificate requests

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

A certification authority (CA) performs the following operations when processing a certificate request:

  • Request reception. The certificate request is sent by the client application (such as the Certificate Request Wizard in the Certificates snap-in), which formats it into a PKCS #10 or CMC format request and submits it to the CA. On receipt, the CA server engine stores the private key in its certificate database if it is configured for key recovery.

  • Request approval. The CA server engine calls the CA policy module, which queries the request properties, decides whether the request is authorized or not, and sets optional certificate properties. If the request is denied or set to Pending, the requestor is notified.

  • Certificate formation. If the request is approved, the CA server engine takes the request and any properties requested by the policy module, and then builds a complete certificate.

  • Certificate publication. The CA server engine stores the completed certificate in its certificate database and notifies the intermediary application of the request status. If the exit module has requested it, the server engine notifies it of a certificate issuance event. This allows the exit module to perform further operations, such as sending e-mail to the subject or the CA administrator. Meanwhile, the client application gets the issued certificate from the certificate database and saves it in its own local certificate store.
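
The four operations above can be followed from the command line with certreq and certutil. This is an added example, not part of the original page. It assumes the CA's policy module sets new requests to Pending; the CA configuration string, subject name, file names and request ID 12 are placeholders.

```powershell
# Added example. Placeholders: CA01\Example-CA, host.example.test,
# the file names, and request ID 12 (use the ID that certreq -submit reports).
$ca = 'CA01\Example-CA'

# Request reception: the client builds a PKCS #10 request and submits it.
# RequestType = CMC would produce the other format the page mentions.
@'
[NewRequest]
Subject = "CN=host.example.test"
KeyLength = 2048
Exportable = FALSE
RequestType = PKCS10
'@ | Set-Content -Encoding ASCII request.inf

certreq -new request.inf request.req
certreq -submit -config $ca request.req issued.cer   # reports the RequestId and the disposition

# Request approval: the policy module has left the request pending.
# On the CA, list pending requests (disposition 9) before deciding.
certutil -config $ca -view -restrict "Disposition=9" -out "RequestID,RequesterName,CommonName"

# The CA administrator reviews the requester and subject, then issues or denies.
certutil -config $ca -resubmit 12      # approve: the CA forms and stores the certificate
# certutil -config $ca -deny 12        # deny instead

# Certificate publication: the client fetches the issued certificate from the
# CA database and installs it in its local store, binding it to the private key.
certreq -retrieve -config $ca 12 issued.cer
certreq -accept issued.cer

# Check what was actually issued (subject, extensions, validity) against the request.
certutil -dump issued.cer
```

Comparing the dumped certificate with the submitted request shows which properties the policy module set or overrode during approval.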