Certificate Application
The CA generates an entity certificate by calculating the signature based on the entity information (describing device features). Therefore, when requesting a certificate from a CA, the device must provide the CA with entity information.
Figure 1 shows the procedure for applying for a certificate. To prevent entity information from being altered during transmission, the device first calculates a signature based on its own private key and entity information (including the public key), and further uses the entity information together with the signature to generate a certificate request to the CA.
After receiving the certificate application request of the device, the CA uses the public key contained in the entity information to authenticate the signature, and generates a certificate for the device only if the signature passes the authentication.
- Outband certificate application sending mode: A request file is stored in a floppy disk, CD-ROM, or mail and sent to the CA administrator. You can apply for a new certificate only using the outband certificate application sending mode.
- CMP certificate application sending mode: The certificate is applied for, managed, and maintained using CMPv2. You can update a certificate only using the CMP certificate application sending mode.