Patent attributes
Components of a public certificate authority (CA) generate respective cryptographic assertions during performance of respective tasks of a certificate issuance workflow and a workflow approval component approves/rejects certificate issuance, based upon verification of the cryptographic assertions. For example, a workflow manager may assign tasks of a certificate workflow process to a number of components that process the tasks. The components generate responses and sign the respective responses with keys particular to each component. The workflow manager gathers the cryptographic assertions and sends them to a workflow approval component that validates the assertions, verifies the assertions indicate successful completion of the workflow and approves or rejects certificate issuance.