Two common cert request formats are PKCS#10 and Netscape's SPKAC, which
is the "Signed public key and challenge." The challenge is primarily
to support completion of an enrollment/certification process when the
cert is retrieved OOB (cf. Verisign's enrollment process in which the
binding of the
: [EMAIL PROTECTED]
Subject: Re: Challenge: creating certificate
Is to prove (to the CA) that you actually own the private key
corresponding to the public key that you're sending in the request for
certification. You send the challenge and the signed challenge, and the CA
verifies the signature
Is to prove (to the CA) that you actually own the private key
corresponding to the public key that you're sending in the request for
certification. You send the challenge and the signed challenge, and the CA
verifies the signature with your public key. If it match, everything's ok.
Does it answer
