A certificate policy (CP) is a document that states the different entities of a public key infrastructure (PKI), their roles and their duties.
The reference document for writing a certificate policy is, as of December 2010, RFC 3647.
The different procedures for certificate application, issuance, acceptance, renewal, re-key, modification and revocation are a large part of the document.
These procedures describe how each actor of the PKI has to act in order for the whole assurance level to be accepted.
The PKI needs to be audited to ensure it complies with the rules stated in its documents, such as the certificate policy.