The DutchGrid medium-security Certification Authority proves possession of the private key that is the companion to the DutchGrid medium-security Certification Authority root certificate by issuing certificates and signing CRL's.
The DutchGrid medium-security Certification Authority verifies the possession of the private relating to certificates requests by out-of-band, non-technical means at the time of authentication. Such verification may take the form of a directly posed question to requester. A cryptographic challenge- response exchange may be used to prove possession of the private key at any point in time before certification of subscriber.
The DutchGrid medium-security Certification Authority will not generate the key pair for subscribers and will not accept or retain private keys generated by subscribers.