Until now as you read in the previous part of this series, we have a working CA and a good understanding of certificates. The next step is to explain how the issuing process works.
To make a quick and dirty explanation: just like at a passport office.
To make a longer explanation: just like at a passport office, you make a request (your application for a passport) and for that you will need some kind of document that describes WHAT you want (your application), this is submitted and a passport is issued based on the application you submitted (if the application is wrong, passport is denied!).
with a CA you have to make/generate a certificate request, which in itself is kind of useless, it is like issuing your own passport :), and this you submit to the CA, the administrator then signs the request and thus makes it a valid certificate which he then sends back to you and which you then can use.
Your request does not have to be made at the CA, it can be made anywhere, as long as wherever you are you can generate a normal certificate request. once you have that you can send it to your administrator or use an online form to submit and sign (phpki or Windows Certificate services if you have that installed at your company). Maybe this graphic explains the process a little bit better:

Once you understand how it works and see how simple it ACTUALLY is, you probably will wonder why you haven’t implemented this until now. Especially since there are tools to automate the issuing process.

If you have of course a better suggestion on how to explain this process please let me know.

//Flosse

Click here if you want to see the full index and brief of the OpenSSL for eveything “project”

Popularity: 2% [?]