Retrieval, usage, and maintenance of a digital certificate
The following workflow describes the retrieval, usage, and maintenance of a digital certificate. This example uses a CA that relies on an RA to process certificate enrollment requests.
A PKI entity generates an asymmetric key pair and submits a certificate request to the RA.
The certificate request contains the public key and its identity information.
The RA verifies the identity of the entity, signs the identity information and the public key, and sends the signed request to the CA.
The CA verifies the digital signature, approves the request, and issues a certificate.
After receiving the certificate from the CA, the RA sends the certificate to the certificate repository and notifies the PKI entity that the certificate has been issued.
The PKI entity obtains the certificate from the certificate repository.
To establish a secure connection for communication, two PKI entities exchange local certificates to authenticate each other. The connection can be established only if both entities verify that the peer's certificate is valid.
You can remove the local certificate of a PKI entity and request a new one when any of the following conditions occur:
The local certificate is about to expire.
The certificate's private key is compromised.