Requester authentication varies from one CA to another. Some CAs require an administrator to review and approve a request, which might entail verifying your photo ID in your presence. VeriSign, a popular CA on the Internet, uses email to authenticate its Class 1 (the lowest level of security) certificates; you must successfully receive an email message from VeriSign and log on to its Web site to report the code specified in the email message. The Windows PKI leverages your existing AD account, providing automatic, integrated authentication for certificates requested from Windows Enterprise CAs. Windows CAs can run in two modes: Enterprise or Standalone. Among other things, Enterprise CAs integrate with AD for authentication, certificate and certificate revocation list (CRL) publication, and other certificate management tasks.
