Public Key Infrastructure using X.509 (PKIX) certificates are used for a number of purposes@ the most significant of which is the authentication of domain names. Thus@ certification authorities (CAs) in the Web PKI are trusted to verify that an applicant for a certificate legitimately represents the domain name(s) in the certificate. As of this writing@ this verification is done through a collection of ad hoc mechanisms. This document describes a protocol that a CA and an applicant can use to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions@ such as certificate revocation.