PreviousNextUp[Front page] [Index]


Usually the enrollment process pre-selects one of the CAs in the system for each certification request, but requests without a CA mapping can also exist in the Database.

The operator should check if the selected CA is correct for the certification request. The selected issuing CA is extremely important as it will radically affect the policy decisions made for the request and will also determine the resulting certificate's future use to a great extent.

Creating self-signed certificates (certificates that do not have an issuing CA) is disallowed in request processing, but can be done using the Create Certificate option under the System Configuration main menu item. The operator must have super-user privileges for this, as certificates made that way bypass all CA policy code.

A request can also be approved by an RA, and if this is the case, the issuer field needs to contain a local RA of the system. Instead of issuing the certificate, the RA signs the certification request and sends it to the remote CA that is associated with this RA.

The CA list works as described in Section Database Search Options.

PreviousNextUp[Front page] [Index]