Techniques for multiple independent verifications for digital certificates

摘要

A method includes (a) receiving, at a computing device, a first certificate signing request (1CSR) from a certificate authority (CA), the 1CSR including an embedded second certificate signing request (2CSR), the 2CSR having been received by the CA from an entity seeking a signed certificate from the CA that validates an identity claim made by the entity in the 2CSR, the CA having performed a preliminary verification of the 2CSR prior to embedding it in the 1CSR, (b) verifying that the 1CSR came from the CA, (c) performing a verification procedure on the embedded 2CSR independent of the preliminary verification performed by the CA, to validate the identity claim made by the entity in the 2CSR, and (d) upon successfully validating the identity claim made by the entity in the 2CSR, sending a certificate to the CA, the certificate validating the identity claim made by the entity in the 2CSR.

主权项

1. A method performed by a computing device, the method comprising:
receiving, at the computing device, a first certificate signing request (1CSR) from a certificate authority (CA), the 1CSR including an embedded second certificate signing request (2CSR), the 2CSR having been received by the CA from an entity seeking a signed certificate from the CA that validates an identity claim made by the entity in the 2CSR, the CA having performed a preliminary verification of the 2CSR prior to embedding it in the 1CSR; verifying, at the computing device, that the 1CSR came from the CA; performing a verification procedure on the embedded 2CSR at the computing device independent of the preliminary verification performed by the CA, to validate the identity claim made by the entity in the 2CSR; and upon successfully validating the identity claim made by the entity in the 2CSR, sending a certificate from the computing device to the CA, the certificate validating the identity claim made by the entity in the 2CSR.