1.3. PKI – processes and roles


Certificates have two main jobs: they are a container for the public key, and they bind that public key to the certificate issuer/key holder. The role of a certificate service provider is to confirm and guarantee this binding as an independent third party, at a level that is in line with the CP/CPS (Certificate Policy / Certification Practice Statement). The following services, activities and roles are required to guarantee this:


Registration service

  • Certificate request from the applicant
  • Review of the certificate request by the registration authority officer (RAO), hereinafter referred to as the access manager
  • Approval of the certificate request by the access manager (RAO)


Certificate generation service

  • Certificate generation


Revocation service (service to declare invalidity)

  • Online invalidity declaration by the certificate holder
  • Offline invalidity declaration by the access manager (RAO)


Dissemination services (dissemination of information)

  • CP/CPS
  • OCSP (Online Certificate Status Protocol) – online status of the certificate’s validity
  • CRL (Certificate Revocation List) – invalidity list (offline) for certificates
  • LDAP (Lightweight Directory Access Protocol)
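
The four services above can be followed end to end in code. The sketch below is an added example, not part of the original page or of any provider's implementation: it uses the Python `cryptography` package, all function names and subject names are hypothetical, and it covers dissemination by CRL only (no OCSP or LDAP).

```python
# Added example: registration, generation, revocation and dissemination (CRL only).
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_request(cn):
    """Registration: the applicant generates a key pair and signs a request (CSR)."""
    key = ec.generate_private_key(ec.SECP256R1())
    csr = x509.CertificateSigningRequestBuilder().subject_name(name(cn)).sign(key, hashes.SHA256())
    return key, csr

def ra_review(csr, verified_cn):
    """Registration: the RAO approves only if the CSR proves possession of the key
    and names the identity the RAO verified out of band."""
    return csr.is_signature_valid and csr.subject == name(verified_cn)

def issue(csr, ca_key, ca_cn, days=365):
    """Certificate generation: the CA signs the binding of public key to holder."""
    now = dt.datetime.now(dt.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(csr.subject).issuer_name(name(ca_cn))
            .public_key(csr.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + dt.timedelta(days=days))
            .sign(ca_key, hashes.SHA256()))

def publish_crl(revoked_serials, ca_key, ca_cn):
    """Revocation + dissemination: the CA signs the list of invalid serial numbers."""
    now = dt.datetime.now(dt.timezone.utc)
    crl = (x509.CertificateRevocationListBuilder().issuer_name(name(ca_cn))
           .last_update(now).next_update(now + dt.timedelta(days=1)))
    for serial in revoked_serials:
        crl = crl.add_revoked_certificate(x509.RevokedCertificateBuilder()
              .serial_number(serial).revocation_date(now).build())
    return crl.sign(ca_key, hashes.SHA256())

def status(cert, crl, ca_public_key):
    """Relying party: trust the CRL only if the CA signed it, then look up the serial."""
    if crl.issuer != cert.issuer or not crl.is_signature_valid(ca_public_key):
        raise ValueError("CRL not issued by this certificate's CA")
    hit = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    return "revoked" if hit is not None else "good"
```

A relying party that skips the signature check in `status` would accept a revocation list from anyone, which is why the CRL is itself a CA-signed object.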