Certificate Groups are invaluable when one or more keys may be unavailable to an instance of ADSS Server. Such a situation may occur when smart cards are used, e.g. one smart card attached to one server and another smart card attached to a second server. When using PCI HSMs this can be valuable if key cloning is not allowed: each server can have a PCI HSM, and the list of allowed keys on all servers is defined here. When ADSS Server runs, it determines the first key that is available to it and uses that key for all requests on that server instance. Certificate Groups can also be formed for imported MSCAPI keys.


You can only group certificates that are held on a hardware device or in MSCAPI. Certificates from a Software Crypto Source cannot be grouped.


The Certificate Groups can be reviewed as shown below:



The list of Certificate Groups is summarized in a table for easy viewing.

Certificate Groups can be created within the Key Manager module for certificates held in hardware crypto sources. The following screen is used to configure Certificate Groups:

The following table explains different items on this page:

| Items | Description |
|---|---|
| Group Name | Enter a friendly name for this Certificate Group. The name should be unique within this ADSS Server environment. Use a meaningful name for easy reference, e.g. Invoice Signing Certificates Group or Log Signing Certificates Group, etc. |
| Group Description | Use this to describe how this Certificate Group is to be used. This is just for operator information purposes. |
| Certificate Group Purpose | Select the Certificate Purpose for this Certificate Group. The list of templates is populated based on the certificate templates generated in the Certificate Templates area. |


In the above screenshot, based on the selected certificate purpose, all certificates that are registered within the ADSS Key Manager and held on the configured crypto devices are shown in the left-hand box labelled Available Certificates. To add certificates to the Group, move them across to the Assigned Certificate list by using the >> button. Certificates can be removed from the group by using the << button.

The list of assigned certificates can be viewed by clicking the "View" button under the "Assigned Certificates" column, resulting in the following window being shown:

Clicking on the certificate name will open a window showing the certificate details.

