Chapter 3.
29
CA: Handling Certificate Requests
A Certificate Manager agent is responsible for handling both manual enrollment requests made by end
entities (end users, server administrators, and other Certificate System subsystems) and automated
enrollment requests that have been deferred. This chapter describes the general procedure for
handling requests and explains how to handle different aspects of certificate request management.
3.1. Managing Requests
The procedure for handling certificate enrollment requests is as follows:
1. View the list of pending requests for the Certificate Manager (see
Section 3.2, “Listing Certificate
Requests”
).
2. Select a request from the list (see
Section 3.2.1, “Selecting a Request”
).
3. Process the request (see
Section 3.2.2, “Searching for Certificates (Advanced)”
and
Section 3.3,
“Approving Requests”
).
Processing a certificate request for a certificate allows one of several actions, listed in
Table 3.1,
“Possible Agent Actions for Certificate Requests”
.
Action
Description
Approve the request
A request can be approved manually by an
agent or automatically by the certificate profile
if the request has been authenticated and if the
system has been configured to allow automatic
enrollment. After a request has been approved,
the Certificate System issues the requested
certificate. The end user can be automatically
notified that the certificate was issued.
Reject the request
A certificate request can be rejected manually
or automatically by the certificate profile if the
request does not conform to the profile's defaults
and constraints. If automatic notification is
configured, a notification is automatically sent
to the requester when the certificate request is
rejected.
Cancel the request
A request can be canceled manually, but
requests can never be canceled automatically.
Users do not receive automatic notification of
canceled requests. Cancellation can be useful if
the user has left the company since submitting
the request or if the user has already been
contacted about a problem with the certificate
request and, therefore, does not need to be
notified.
Update the request
A pending certificate request can be updated by
changing some of its values, such as the subject
name. The different default values associated
with a certificate profile changed by the agent