PKI Tutorials - Herong's Tutorial Examples - Version 2.04, by Dr. Herong Yang
Requesting and Signing Personal Certificate
This section describes basic steps of issuing (requesting and signing) personal certificates. A Class 1 personal certificate only contains the person's email.
Based on my understanding, here are basic steps of issuing a personal certificate:
1. The person who wants to get a personal certificate needs use a tool to generate a private-public key pair.
2. The person then needs to generate a CSR (Certificate Signing Request), which includes the person's public key and identity information, like name, email address, etc.
3. The root CA or intermediate CA needs to verify the person's identity.
4. The CA issues a personal certificate which includes the person's verified identity information.
The picture below shows you 4 basic steps of issuing a personal certificate:
Certificates are usually classified based how much identity information is verified by the CA. For example, if only the person's email is verified, then a Class 1 personal certificate will be issued.
Last update: 2011.
Table of Contents