There are some high-level models that most environments use to manage certificates. In the next few sections, we will uncover these models and the requirements and permissions needed to succeed with them. The Financial Company has already applied the self-service registration model as part of the manager-initiated model. The models are not explicit, but they are flexible, and TFC could use a mixture of both. Let's now look at the centralized management model.
The centralized management model works well when there is a tightly controlled HR process or when a security officer enrolls a smart card for the user, and, in general, in cases where a random PIN is assigned to the card. When the subscriber (that is, the user) receives the card, they perform the initial online unblock. The helpdesk can assist if an offline unblock operation is needed. In the centralized model, the following permissions would be needed:
Service Connection...