Certificate Delivery

Digi-CA™ has different delivery options for each digital certificate it produces. The most common use for Digi-CA™ is to deliver end entity certificates. Prior to the installation of the Digi-CA™, the CP is documented and this determines what Method of Delivery is used for issuing a digital certificate.

The two principle Methods are the Package Method and the Process Method. An end entity certificates can be issued in different ways depending on the method of delivery chosen. A single issuing process can be decided on, or a combination of processes.

Certificate Delivery Methods

There are two primary ways that the end entity certificates are delivered. Either the certificate is delivered as a package [Package Method] or it is delivered as a result of a series of steps in a process [Process Method].

Methods of Delivery:

Digi-CA™ offers both of these Methods of Delivery.

Package Method Explained

Using the Package Method, the public and Private Keys are generated at the RA or Administrator’s PC. The public key is signed by the Digi-CA™ Engine and the entire end entity certificate is packaged in a single file and either sent to the end user or is installed on a Smart card, USB Token or any other suitable end entity certificates storage device. This package is also referred to as a PKCS#12, a .pxf or a .p12 Private Key Container Package.

Process Method Explained

Using suitable Digi-Cards™, Digi-Tokens™ or other suitable CSP storage device, a Private Key is generated and remains on the device and never leaves the user. When requesting an end entity certificates, the device generates the certificate Signing Request [CSR].

When the user enrolls at the web application form, the form data entered and the CSR are transferred to the Digi-CA™. The transfer occurs over a HyperText Transfer Protocol Secured [HTTPS]. On receiving the CSR, the Digi-CA™ Engine signs it and creates the x.509 certificate.

Usually, an email is then sent to the user to collect the end entity certificates. When the user clicks on the hyperlink within the email, using the TCP/IP Protocol, the certificate is installed on the user’s device.

As stated, the Digi-CA™ offers both of these Methods of Delivery.