Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Overview of certificate request processing for preregistered SCEP clients z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00 |
|
Following preregistration, when the preregistered SCEP client requests a certificate (sends a SCEP request), PKI Services searches for a preregistration record matching the client name. If found, PKI Services compares the values in the request to the challenge password and any subject name or alternate name information specified by the PKI administrator or supplied in the <CONSTANT> template section. (If not found, the SCEP request is automatically rejected.) Based on the comparison of values in the request with those in
the preregistration record, PKI Services considers the request to be in
one of the following states:
Depending on how you customize the variables in the SCEP (preregistration) certificate template, a certificate request from an Authenticated SCEP client is either automatically approved and fulfilled synchronously or it is queued for administrator approval. Likewise, a certificate request from an Unauthenticated or Semiauthenticated SCEP client is either queued for administrator approval or it is automatically rejected. |
Copyright IBM Corporation 1990, 2014
|