A certificate authority (CA) can delegate the processes of:
revocation and suspension of a subscriber’s certificate.
generation and distribution of the CA public key.
establishing a link between the requesting entity and its public key.
issuing and distributing subscriber certificates.,
Establishing a link between the requesting entity and its public key is a function of a registration
authority. This may or may not be performed by a CA; therefore, this function can be delegated.
Revocation and suspension and issuance and distribution of the subscriber certificate are functions
of the subscriber certificate life cycle management, which the CA must perform. Generation and
distribution of the CA public key is a part of the CA key life cycle management process and, as
such, cannot be delegated.