3.1.4.2.1.2 QueryTokenStatus Request Processing
A wst:RequestSecurityToken message with a <wst:RequestType> of "http://schemas.microsoft.com/windows/pki/2009/01/enrollment/QueryTokenStatus" is used to retrieve an issued certificate or check the status of a certificate request that was pending.
For this type of message, the server has additional syntax constraints on the request message.
The wstep:RequestID element is a null-terminated Unicode string that contains a certificate request identifier (as defined in section 3.1.4.1.2.4). If the <wstep:RequestID> element is absent, defined as nil, or contains no value the server MUST return a SOAP fault.
The server MUST provide the wstep:RequestID to the Issuer.
If the Issuer responds with an error, the server MUST respond with a SOAP fault. If the Issuer indicates the issuance is pending, the server MUST use the Issuer response to generate a pending wst:RequestSecurityTokenResponseCollectionMsg message. If the Issuer responds with an issued certificate, the server MUST respond with a wst:RequestSecurityTokenResponseCollectionMsg message providing the issued certificate.