This section describes the measures taken to validate a requestor's identity prior to certificate issuance. It must reflect the certificate policy or policies implemented at the CA and detail identification procedures for:
■ Initial registration for a certificate. The measures taken to validate the identity of the certificate requestor.
■ Renewal of a certificate. Are the measures used for initial registration repeated when a certificate is renewed? In some cases, possession of an existing certificate and private key is sufficient proof of identity to receive a new certificate at renewal time.
■ Replacement of a revoked certificate. If a certificate must be replaced because of key compromise, such as a stolen laptop, what measures will be taken to ensure that the authorized user, not the person who stole the laptop, receives a new certificate?
■ Requests for revocation. When a certificate must be revoked, what measures will be taken to ensure that the requestor is authorized to request revocation of a certificate?
Was this article helpful?