Re: [Pki-users] CErtificate profile validation

Technically, it can occur at either or both locations. However, from a business and operational point-of-view, most PKIs do the verification at the RA. This is because it allows different RA's to use different policies, procedures and tools to do the key-generation, verification, etc., before sending the verified CSR to the CA for signing. scale a CA to sign more certificates in a given unit of time if it only had to sign certificates and CRLs instead of verifying and signing. Yes, the CA can indeed add all the required constraints/extensions as needed to the certificate based on the profile, before it signs the CSR. Arshad Noor StrongAuth, Inc. ----- Original Message ----- From: "Thomas Shanthi-LST016" <Shanthi.Thomas(a)motorola.com&gt; To: pki-users(a)redhat.com Sent: Monday, March 22, 2010 9:00:59 AM (GMT-0800) America/Los_Angeles Subject: [Pki-users] CErtificate profile validation _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users