3.2.1.4.2.1.4.10.1 New Certificate Request with Pre-sign flag
A request can be designated for Pre-sign certificate processing by the client, as specified in section 3.1.1.4.3.8.1. In addition to the processing rules defined in section 3.2.1.4.2.1.4, the CA MUST perform the following processing on the certificate request:
If the Config_PreSignCert_Enabled flag (section 3.2.1.1.4) is not set, reject the request with a nonzero error.
Otherwise, process the request as defined in section 3.2.1.4.2.1.4.1 and construct a certificate to be returned to the client as specified in section 3.2.1.4.2.1.4.7, however the CA MUST sign the certificate (section 3.2.1.4.2.1.4.8) with its dummy signing key stored in the Signing_Dummy_Private_Key (section 3.2.1.1.4) rather than the real signing key stored in Signing_Private_Key data.