Product Documentation

Methods of Certificate Issuance

Dec 21, 2015
There are two fundamental methods of obtaining a certificate, which in this context shall be called methods of issuance:
  • SIGN. With this method, the issuance involves creating a new key pair, creating a Certificate Signing Request (CSR) for the key pair, and submitting it to a CA for signature.
  • FETCH. With this method, the issuance (from the point of view of XenMobile) is in actuality a recovery of an existing certificate and key pair.

A Credential Provider uses exactly one of these methods; which method is selected impacts which configuration options are available. Notably, CSR configuration and distributed delivery are only available if the issuing method is sign. If the certificate is fetched, it is always sent as a pkcs#12 to the device (equivalent to centralized delivery mode for the sign method).

Which issuing methods are available for a Credential Provider will depend on the capabilities the PKI Entity it uses supports.