Processing certificate requests

A Windows 2000 certification authority (CA) performs the following operations when processing a certificate request:

1. Request reception. The certificate request is sent by the client application (such as the Certificate Request wizard in the Certificates snap-in), which formats it into a PKCS #10 format request and submits it to the CA.
2. Request approval. The CA server engine calls the CA policy module, which queries the request properties, decides whether the request is authorized or not, and sets optional certificate properties.
3. Certificate formation. If the request is approved, the CA server engine takes the request, and any properties requested by the policy module, and builds a complete certificate.
4. Certificate publication. The CA server engine stores the completed certificate in its certificate database and notifies the intermediary application of the request status. If the exit module has requested it, the server engine notifies it of a certificate issuance event. This allows the exit module to perform further operations, such as publishing the certificate to Active Directory. Meanwhile, the client application gets the published certificate from the certificate database and saves it in its own local certificate store.