![]() |
| |||||||||
|
Certificate EnrollmentCertificate enrollment is an action in which a CA certifies a public key. A certification authority can delegate authentication of the end entities as well as certain other administrational tasks to so-called registration authorities (RA). Using local RAs a large geographically or operationally distributed PKI can work in a scalable way, even when the actual certificate issuing is centralized. The actual enrollment process consists of the following steps:
End entities can use standard request formats to request certificates from a CA. The CA uses the underlying policy to decide whether to approve the request or not. The policy decision and the approval/denial can be automatic, or it may be required that the operator of the CA has to approve certificate requests manually. If identification of the end entity is needed, the RA may perform this function. If the request is approved, a signed certificate will be issued and delivered to a public directory. Finally, when the issued certificates are available in the directories, all entities in the PKI can verify each other's certificates with the CA's public key.
[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]
Copyright © 2001 SSH Communications Security Corp |