PKI operation
The following workflow describes how a PKI entity requests a local certificate from a CA that has RAs:
A PKI entity submits a certificate request to the RA.
The RA verifies the identity of the entity and sends a digital signature containing the identity information and the public key to the CA.
The CA verifies the digital signature, approves the request, and issues a certificate.
After receiving the certificate from the CA, the RA sends the certificate to the certificate repositories and notifies the PKI entity that the certificate has been issued.
The entity obtains the certificate from the certificate repository.