Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.
Usually the enrollment process pre-selects one of the CAs in the system for each certification request, but requests without a CA mapping can also exist in the Database.
The operator should check if the selected CA is correct for the certification request. The selected issuing CA is extremely important as it will radically affect the policy decisions made for the request and will also determine the resulting certificate's future use to a great extent.
Creating self-signed certificates (certificates that do not have an issuing CA) is disallowed in request processing, but can be done using the Create Certificate option under the System Configuration main menu item. The operator must have super-user privileges for this, as certificates made that way bypass all CA policy code.
A request can also be approved by an RA, and if this is the case, the issuer field needs to contain a local RA of the system. Instead of issuing the certificate, the RA signs the certification request and sends it to the remote CA that is associated with this RA.