Table of Contents
Advertisement
Chapter
Requests
A Certificate Manager agent is responsible for handling both manual enrollment requests made by end entities (end users,
server administrators, and other Certificate System subsystems) and automated enrollment requests that have been de-
ferred. This chapter describes the general procedure for handling requests and explains how to handle different aspects of
certificate request management.
1. Managing Requests
The procedure for handling certificate enrollment requests is as follows:
1.
View the list of pending requests for the Certificate Manager (refer to Section 2, "Listing Certificate Requests").
2.
Select a request from the list (refer to Section 2.1, "Selecting a Request").
3.
Process the request (refer to Section 2.2, "Searching Requests" and Section 3, "Approving Requests").
Processing a certificate request for a certificate allows one of several actions:
•
Approve the request. A request can be approved manually by an agent or automatically by the certificate profile if the
request has been authenticated and if the system has been configured to allow automatic enrollment. After a request
has been approved, the Certificate System issues the requested certificate. The end user can be automatically notified
that the certificate was issued.
•
Reject the request. A certificate request can be rejected manually or automatically by the certificate profile if the re-
quest does not conform to the profile's defaults and constraints. If automatic notification is configured, a notification is
automatically sent to the requester when the certificate request is rejected.
•
Cancel the request. A request can be canceled manually, but requests can never be canceled automatically. Users do
not receive automatic notification of canceled requests. Cancellation can be useful if the user has left the company
since submitting the request or if the user has already been contacted about a problem with the certificate request and,
therefore, does not need notified.
•
Update the request. A pending certificate request can be updated by changing some of its values, such as the subject
name. The different default values associated with a certificate profile changed by the agent only results in the certific-
ate request values being changed but does not change its state.
•
Validate the request. A request that uses a certificate profile can be checked, or validated, to see if the request complies
with the defaults and constraints set by the certificate profile. This action only checks the request but does not submit
or edit the request.
•
Assign the request. A certificate request can be manually assigned by the agent processing the request to himself. Re-
quests cannot be assigned to another agent.
•
Unassign the request. A request can be removed from an agent's queue if necessary, such as when requests are as-
signed to an agent who has since left the company.
Approving, canceling, and rejecting certificate requests all alter the request status. Assigning, unassigning, update, and val-
idating certificate requests do not alter the request status. If the form is closed without taking one of these actions, the re-
quest remains in the queue with the same status.
Figure 3.1, "Certificate Request Management Process" illustrates the process for handling requests and the different types
of status for a request.
3.
CA:
Handling
19
Certificate
Chapter 3. CA: Handling Certificate
Advertisement
Table of Contents
