As illustrated in the following diagram, HTTP-based enrollment is handled by Microsoft® Internet Information Server (IIS). The enrollment code on the IIS server can be configured to talk to multiple Certificate Servers by supplying the name of a specific Certificate Server in the call to the Server Engine. For example, an organization might use a separate Certificate Authority (CA) for each division to provide flexibility over policies and key management. If this is the case, the enrollment code would then supply the name of the Certificate Server for the user's division when making the call to the Server Engine.
The IIS server has a series of HTML forms that allow the user to request certificate types if applicable and any identifying information that the CA needs in order to validate the request and generate the certificate.
