Device Certificates
This page allows a suitably authorised ADSS RA Service Operator to manage the devices against which device certificates will be issued. Only those devices which are associated with the approved device categories for the currently logged-in RA Operator are shown .
Following page will be shown by clicking the Device Certificates button:
You can import device details in a comma separated file (CSV). Click Import button and the following page shown:
The CSV file structure must contain comma separated columns in following order:
- Device Name.
- Admin Name.
- Email.
- Category ID
- Profile ID
- IP Address
- Device Status
Items 1-5 and 7 are mandatory. Item 6, the IP address is optional. If these data items are not present or provided in this order then the import will fail.
To skip the optional IP address column value, write it as:
Device Name, Admin Name, Email, Category ID, Profile ID, Device Status
A new device is added by selecting the New button from the first screen above. The following configuration screen is then shown:
The configuration items are as follows:
Items |
Description |
Status |
A device can be marked Active or Inactive. |
Device ID |
A System-defined unique identifier for this device. |
Device Name |
An operator-defined unique name for easier human recognition within the ADSS Server RA Console. |
Device Description |
Use this field to describe how this device is to be used - this is just for operator information purposes. |
Device Admin |
Name of the person assigned to manage the device. |
|
Email address of the person that manages the device - used to send email alerts about certificate expiry etc. |
Category |
The Category that will be associated with this device. |
RA Profile |
This option is used to enable Request signing before forwarding request to ADSS CA Server. Select the request signing certificate which pre-exists in the Key Manager. |
Device Distinguish Name |
Device Distinguish Name shows fields matching the RA Profile. |
Response Encryption Settings |
Select the Response Encryption Algorithm to encrypt the SCEP Response. Following Encryption algorithms are available:
|
IP Address |
Optional IP address of the device/application that will be associated with the device. |
Challenge Password |
A randomly generated password for verifying the authentication of the device when communication takes place for certificate generation against this device.
|
Create PFX |
If device administrator doesn't want to use SCEP or PKCS#10 / CSR based approach then the RA Operator can use the Create PFX button. Once the key/certificate is generated then certificate/PFX is made available for download on the RA console. |
The list of existing devices can be listed in either Ascending or Descending order according to the criteria: Device ID, Device Name and Created At. They can be searched by clicking on the Search button which displays the Search device page as shown below:
Enter search criteria based on the Device ID, Device Name, Device Admin, Email, Category and RA Profile.
If more than one search parameters are provided, these are combined using the AND operator and the results are presented accordingly.
If "_" character is used in the search then it will act as wildcard. |
See also
Device Certificates
End-User Certificates
Transactions Log Viewer
Logs Archiving
Alerts
RA Service Interface URLs