ADSS Certification Service Overview

The ADSS Certification Service allows client applications to request the generation of keys and certificates on behalf of end users/customers. These keys and certificates can later be used within the ADSS Signing Service for server-side signing of documents, as explained in the previous section. The following steps illustrate the use of the ADSS Certification Service with an external CA:

  1. The client application registers end users or customers. The details of this interaction are outside the scope of the ADSS Server. The identification and authentication of end customers by the client application could, for example, be based on simple usernames/passwords, smartcards or one-time password (OTP) tokens.
  2. Upon registration of the customer, the client application requests ADSS Server to generate keys on behalf of the customer and to certify the public key. ADSS Server generates a key pair based on the configured certification profile and saves it in the HSM or, in software mode, in the database.
  3. ADSS Server then requests the certification of the public key from the configured external CA.
  4. The CA provides the certificate, and ADSS Server saves it in the HSM or database alongside the (protected) private key.
  5. ADSS Server then provides a response message back to the client application on the success or failure of the operation.

An internal CA module is also provided as part of the ADSS Server as an alternative to using an external CA.
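
Steps 2 to 5 above, sketched with the OpenSSL command line as an added example; this is not ADSS Server code or its API. A throwaway local CA stands in for the external CA, all file names and the subject are constructed, and the check made before the certificate is kept is an assumption about what a careful implementation verifies, not documented ADSS behaviour.

```shell
#!/bin/sh
# Added illustration: throwaway keys, constructed names, local stand-in CA.

# Stand-in for the external CA: a self-signed root created for the demo.
make_ca() {  # $1 = directory that receives ca.key / ca.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Step 2: generate the end user's key pair server-side and build a CSR.
gen_user_key_and_csr() {  # $1 = workdir, $2 = subject CN
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/user.key" 2>/dev/null &&
    openssl req -new -key "$1/user.key" -subj "/CN=$2" -out "$1/user.csr"
}

# Steps 3-4: the CA certifies the public key carried in the CSR.
ca_sign() {  # $1 = CA dir, $2 = CSR, $3 = output certificate
    openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$3" 2>/dev/null
}

# Check before saving: the returned certificate must carry the public key
# of the private key already held for this user.
cert_matches_key() {  # $1 = certificate, $2 = private key
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Check before saving: the certificate must chain to the configured CA.
cert_chains_to() {  # $1 = CA certificate, $2 = certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Steps 2-5 end to end; prints the outcome reported back to the client.
enroll() {  # $1 = workdir, $2 = subject CN
    make_ca "$1" && gen_user_key_and_csr "$1" "$2" &&
    ca_sign "$1" "$1/user.csr" "$1/user.crt" || { echo "failure"; return 1; }
    if cert_matches_key "$1/user.crt" "$1/user.key" &&
       cert_chains_to "$1/ca.crt" "$1/user.crt"; then
        echo "success"
    else
        rm -f "$1/user.crt"; echo "failure"; return 1
    fi
}

d=$(mktemp -d) && enroll "$d" "alice@example.test"; rm -rf "$d"
```

Rejecting a certificate whose public key or issuer does not match keeps a mis-issued or swapped certificate from being stored next to a private key it does not belong to.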
