In this case the owner of the NetKey/ IDKey must undergo a registration process carried out by a recognized certification service. When doing so, proof of actual identity must be furnished in accordance with the relevant requirements of the certification service, e.g., based on a personal presentation and submission of an ID document.

The certification service only issues a certificate after it has approved the submitted proof of identity. The certification service acts as a so-called “third authority”. This means that the issued certificate is no longer merely an alleged identity but a verifiable identity.

Certification services also usually provide checking options in the form of standardized directory and revocation services.