This page allows a suitably authorised ADSS RA Service Operator to manage the devices against which device certificates will be issued. Only those devices which are associated with the approved device categories for the currently logged-in RA Operator are shown .

Following page will be shown by clicking the Device Certificates button:

You can import device details in a comma separated file (CSV). Click Import button and the following page shown:


The CSV file structure must contain comma separated columns in following order:

  1. Device Name.
  2. Admin Name.
  3. Email.
  4. Category ID
  5. Profile ID
  6. IP Address
  7. Device Status 

Items 1-5 and 7 are mandatory. Item 6, the IP address is optional. If these data items are not present or provided in this order then the import will fail.

To skip the optional IP address column value, write it as:

Device Name, Admin Name, Email, Category ID, Profile ID, Device Status  

A new device is added by selecting the New button from the first screen above. The following configuration screen is then shown:


The configuration items are as follows:

Items

Description

Status

A device can be marked Active or Inactive.  
Only Active devices can be used by the RA service to process the device requests (using SCEP or via the web interface).

Device ID

A System-defined unique identifier for this device.

Device Name

An operator-defined unique name for easier human recognition within the ADSS Server RA Console.

Device Description

Use this field to describe how this device is to be used - this is just for operator information purposes.

Device Admin

Name of the person assigned to manage the device.

Email

Email address of the person that manages the device - used to send email alerts about certificate expiry etc

Category

The Category that will be associated with this device.

RA Profile

This option is used to enable Request signing before forwarding request to ADSS CA Server. Select the request signing certificate which pre-exists in the Key Manager.

Device Distinguish Name

Device Distinguish Name shows fields matching the RA Profile.

Response Encryption Settings

Select the Response Encryption Algorithm to encrypt the SCEP Response. Following Encryption algorithms are available:

  1. AES 128_CBC.
  2. AES 192_CBC.
  3. AES 256_CBC
  4. DES_CBC.
  5. DES_EDE3_CBC.

IP Address

Optional IP address of the device/application that will be associated with the device.

Challenge Password

A randomly generated password for verifying the authentication of the device when communication takes place for certificate generation against this device.

  • If password is not sent in the SCEP request then this request will not be entertained.
  • If password is not sent in the web interface request then this request will be treated as End User request and issued/pending requests will be shown in the End-User Certificates sub-module.

Create PFX

If device administrator doesn't want to use SCEP or PKCS#10 / CSR based approach then the RA Operator can use the Create PFX button. Once the key/certificate is generated then certificate/PFX is made available for download on the RA console.

The list of existing devices can be listed in either Ascending or Descending order according to the criteria: Device ID, Device Name and Created At.  They can be searched by clicking on the Search button which displays the Search device page as shown below:

Enter search criteria based on the Device ID, Device Name, Device Admin, Email, Category and RA Profile.
If more than one search parameters are provided, these are combined using the AND operator and the results are presented accordingly.


If "_" character is used in the search then it will act as wildcard.

 
See also

Configuring the RA Service

Device Certificates
End-User Certificates
Transactions Log Viewer
Logs Archiving
Alerts
RA Service Interface URLs