Policies and Certificate Requests

The evaluation of certificate requests and issuance of certificates is performed according to the policy specified by the currently installed policy module. The policy module is installed by the administrator. If one is not installed, the default policy is used. To set the policy, the administrator must replace the policy module, which is code that implements a policy. For information on changing policies, see Customizing Certificate Server.

A certificate is issued only if the corresponding request is accepted by the policy module. The policy module may accept, deny, or delay consideration of a request depending upon the specifics of the policy and the request's properties. Delayed consideration means that a request can be held pending determination of policy acceptance through some out-of-band mechanism. For example, a policy may require that verbal confirmation of an individual's identity be obtained before requests can be accepted.

In this version of Microsoft® Certificate Server, the default policy is to always accept the certificate request.