This step defines how to create CV certificates profile in Certification Service. A CV certificate profile is a set of parameters configured within the ADSS Certification Service which defines the characteristics of a certificates. The profiles are created to manage request processing modes i.e. Automatic/Manual and other certificate attributes.

To manage CV Certificate Profiles, navigate to the following screen in ADSS Server Console:

To create a new profile, click the New button, or create a replica of an existing profile by clicking Make a copy button. Clicking on the New button will display the following screen:

In case of DVCA, following fields will be displayed in Request Processing Mode: 

The configuration items are as follows:

Items

Description

Profile Identification

Defines the following:

Status

A CV certificate profile may be marked Active or Inactive. Note an inactive CV certificate profile will not be used to process certification requests.

Profile ID

A system-defined unique identifier for this profile.

Profile Name

An Operator-defined unique name for easier human recognition within the ADSS Operator Console. 

Profile Description

This can be used to describe the CV certificate profile in more detail (e.g. in which circumstances this certificate profile will be used and/or what sort of setting the certificate profile holds etc). This is for information purposes only.

Certificate Details

Defines the following:

CV Certificate Template

This field enables the operator to select a template for the certificates issued using this profile. 

Use Validity Period from Template

This radio button enables the operator to use the validity period defined in the selected CV Certificate Template.  

Use Custom Validity Period

This radio button enables the operator to manually define the validity period of the certificates that will be issued using this profile. The operator can select the number of Years, Months or Days from the drop-down field and define the required value in the corresponding field.

Request Processing Modes

Defines the following:

Automatic

The requests in Automatic mode will be processed automatically by Certification Service where no manual intervention by any operator is required. The requests differs in case of both CVCA and DVCA as shown below:

  • For CVCA instance:
    • CA Certificates Requests: SPOC makes these requests to get the CA Certificates that include CVCA and link certificates
    • Foreign Certificates Requests: to get certificates for foreign DVCAs
    • Domestic Certificates Requests: to get certificates for domestic DVCAs
  • For DVCA instance: 
    • CA Certificates Requests: Inspection Systems make these requests to get the DVCA and root CVCA certificates
    • Inspection Systems Certificate Requests: to get inspection system certificates issued by a DVCA

Manual

The requests in Manual mode will be processed manually where an operator can look into the contents of the request, invoke any vetting rules and approve or decline the request.  

Process Authenticated Requests without Approval

By marking this checkbox, the authenticated requests will be processed automatically even they are selected for Manual mode. The authenticated requests are approved by a foreign CVCA while requesting a foreign DVCA certificate by computing a signature over certificate request using CVCA key. Another form of authenticated requests are those where a DVCA (domestic/foreign) requests a re-key of the certificate and computes a signature over certificate request using its old key. The special signature over the certificate request can be digitally verified using the relevant public key, and due to this manual approval can be skipped for such requests. 

Note: This checkbox remains disabled if only 'CA Certificates Requests' will be selected for Manual mode because for these requests this is irrelevant. 


The list of existing certificate profiles can be sorted in either ascending or descending order by selecting a table column from the drop down list. 

Clicking on the 'Search' button on the CV Certificate Profile main page will display following screen:

The profile can be searched based on Status, Profile ID, Profile Name and Validity Period. If a search is based on multiple values, then these will be combined together using the “AND” operand, and thus only records that meet all the criteria will be presented.


If "_" character is used in the search then it will act as wildcard.


See also

Creating a Certification Profile
Creating an Attribute Certificate Profile