RFC 2314 (rfc2314) - Page 1 of 8
PKCS #10: Certification Request Syntax Version 1
Alternative Format: Original Text Document
Network Working Group B. Kaliski
Request for Comments: 2314 RSA Laboratories East
Category: Informational March 1998
PKCS #10: Certification Request Syntax
Version 1.5
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
Overview
This document describes a syntax for certification requests.
1. Scope
A certification request consists of a distinguished name, a public
key, and optionally a set of attributes, collectively signed by the
entity requesting certification. Certification requests are sent to a
certification authority, who transforms the request to an X.509
public-key certificate, or a PKCS #6 extended certificate. (In what
form the certification authority returns the newly signed certificate
is outside the scope of this document. A PKCS #7 message is one
possibility.)
The intention of including a set of attributes is twofold: to provide
other information about a given entity, such as the postal address to
which the signed certificate should be returned if electronic mail is
not available, or a "challenge password" by which the entity may
later request certificate revocation; and to provide attributes for a
PKCS #6 extended certificate. A non-exhaustive list of attributes is
given in PKCS #9.
Certification authorities may also require non-electronic forms of
request and may return non-electronic replies. It is expected that
descriptions of such forms, which are outside the scope of this
document, will be available from the certification authority.
Kaliski Informational