3.2.1.3 Initialization

  • Interface Initialization: DCOM object (2) and interface initialization is performed by the DCOM object exporter in response to an activation request from the DCOM client. The Windows Client Certificate Enrollment Protocol client calls the DCOM client to initiate the activation request to the server. As a result, the DCOM server returns an object reference to the DCOM client, and the Windows Client Certificate Enrollment Protocol client can use this object reference to make calls to the Windows Client Certificate Enrollment Protocol server methods specified in this document. The CA MUST initialize the object exporter as specified in [MS-DCOM] section 3.1.1.3. If Config_CA_Interface_Flags contains both the values IF_NOREMOTEICERTREQUEST and IF_NOLOCALICERTREQUEST, the CA MUST NOT initialize the object exporter. The details of DCOM object initialization on the server, in response to client activation requests and ORPCs, are specified in [MS-DCOM] sections 3.1.1.5.1 and 3.1.1.5.4.

  • Cryptographic Initialization: The CA MUST have access to the signing and exchange private keys. In addition, the CA SHOULD validate the CA signing certificate and its chain. The validation MUST be based on chain validation as specified in [RFC3280].

  • Revocation Initialization: The CA SHOULD verify the validity of the last published base and delta CRL and publish new ones if required; the behavior MUST be as specified in [RFC3280].

  • Configuration Initialization: The CA SHOULD initialize the Configuration List (section 3.2.1.1.4) as specified in [MS-CSRA] section 3.1.3.

  • The CA SHOULD initialize ADM elements CA_Account_Name and CA_SID by invoking the processing rules in section 3.2.1.4.1.1, setting the CA_Account_Name equal to the OutputAccountName output parameter, and setting the CA_SID equal to the OutputSID output parameter.
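The object-exporter rule in Interface Initialization above, worked through as an added example (not part of the specification or of any Microsoft code): given a Config_CA_Interface_Flags DWORD, it reports whether the CA will initialize the DCOM object exporter and which ICertRequest exposure (local, remote, both or none) that leaves for an auditor to account for. The numeric bit values are assumed from the flag definitions in [MS-CSRA]/[MS-WCCE], not taken from this section.

```python
# Assumed bit values of Config_CA_Interface_Flags (from [MS-CSRA]; only the
# flags relevant here are listed).
IF_LOCKICERTREQUEST = 0x00000001
IF_NOREMOTEICERTREQUEST = 0x00000002
IF_NOLOCALICERTREQUEST = 0x00000004
IF_NOREMOTEICERTADMIN = 0x00000008
IF_NOLOCALICERTADMIN = 0x00000010

_NAMES = {
    IF_LOCKICERTREQUEST: "IF_LOCKICERTREQUEST",
    IF_NOREMOTEICERTREQUEST: "IF_NOREMOTEICERTREQUEST",
    IF_NOLOCALICERTREQUEST: "IF_NOLOCALICERTREQUEST",
    IF_NOREMOTEICERTADMIN: "IF_NOREMOTEICERTADMIN",
    IF_NOLOCALICERTADMIN: "IF_NOLOCALICERTADMIN",
}


def decode_flags(flags: int) -> list[str]:
    """Return the names of the known bits set in the DWORD, lowest bit first."""
    return [name for bit, name in sorted(_NAMES.items()) if flags & bit]


def object_exporter_initialized(flags: int) -> bool:
    """Section 3.2.1.3 rule: the CA MUST NOT initialize the DCOM object
    exporter only when BOTH IF_NOREMOTEICERTREQUEST and IF_NOLOCALICERTREQUEST
    are set; with either bit clear the exporter MUST be initialized."""
    both = IF_NOREMOTEICERTREQUEST | IF_NOLOCALICERTREQUEST
    return (flags & both) != both


def icertrequest_exposure(flags: int) -> str:
    """Which callers can still reach the ICertRequest DCOM interface."""
    local = not flags & IF_NOLOCALICERTREQUEST
    remote = not flags & IF_NOREMOTEICERTREQUEST
    if local and remote:
        return "local-and-remote"
    if remote:
        return "remote-only"
    if local:
        return "local-only"
    return "none"


if __name__ == "__main__":
    # Constructed sample values, e.g. as read from the CA's InterfaceFlags
    # registry value with: certutil -getreg CA\InterfaceFlags
    for sample in (0x0, 0x2, 0x6, 0x7):
        print(hex(sample), decode_flags(sample),
              "exporter:", object_exporter_initialized(sample),
              "ICertRequest:", icertrequest_exposure(sample))
```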