Create CV Certificates
The creation processes for CVCA and DVCA certificates are explained below:
Create CVCA Certificates
When the operator selects a key to certify with the purpose 'Country Verify CA (CVCA)', the following screen is displayed:
The details are as follows:
Item | Description |
Key Alias | Displays the name of the key pair to be certified. |
Certificate Template | Displays the purpose defined for the key pair within ADSS Server. |
Certificate Alias | Defines a unique internal name for the certificate (referred to as an alias). If the crypto source is Azure Key Vault HSM, only the characters A-Z, a-z, 0-9 and hyphen "-" are supported in the certificate alias. The special characters &, <, > cannot be used in the Certificate Alias. |
Country | This field allows the operator to select the certificate's country from a drop-down list of countries. |
Mnemonic | A unique identifier of a certificate that differentiates it from other certificates. The field accepts up to 9 characters; more than 9 characters are not allowed. |
Sequence Number Algorithm | The sequence number also works as an identifier for a certificate and must have a numeric or alphanumeric value. The sequence number algorithm is required when a certificate is rekeyed: the new certificate holds the same Country Code and Mnemonic but a new sequence number. The sequence number is decided by the algorithm selected from the options below: Numeric |
Auto Rekey Certificate | If the Auto Rekey checkbox is checked, the CVCA certificate will automatically be rekeyed before its expiry. The rekey time can be set to a defined number of hours before the certificate expiry. To set it, navigate to Key Manager > Auto Renew Certificates. |
Create DVCA Certificate
Before creating a DVCA Certificate, configure a Domestic or Foreign CVCA in the Trust Manager module. The operator must also register a SPOC Server in the External CAs module.
Once a SPOC Server is registered and the operator selects a key to certify with the purpose 'Document Verifying CA (DVCA)', the following screen is displayed:
The details are as follows:
Item | Description |
Key Alias | Displays the name of the key pair to be certified. |
Certificate Template | Displays the purpose defined for the key pair within ADSS Server. |
Certificate Alias | Defines a unique internal name for the certificate (referred to as an alias). If the crypto source is Azure Key Vault HSM, only the characters A-Z, a-z, 0-9 and hyphen "-" are supported in the certificate alias. The special characters &, <, > cannot be used in the Certificate Alias. |
Country | This field allows the operator to select the certificate's country from a drop-down list of countries. |
Mnemonic | A unique identifier of a certificate that differentiates it from other certificates. The field accepts up to 9 characters; more than 9 characters are not allowed. |
Sequence Number Algorithm | The sequence number also works as an identifier for a certificate and must have a numeric or alphanumeric value. The sequence number algorithm is required when a certificate is rekeyed: the new certificate holds the same Country Code and Mnemonic but a new sequence number. The sequence number is decided by the algorithm selected from the options below: Numeric |
Certificate Type | This drop-down field allows the operator to select the certificate type, i.e. Domestic or Foreign. |
Certificate Authority | If the operator has selected Domestic in the Certificate Type drop-down, the Domestic CVCAs registered in the Trust Manager module are listed in the Certificate Authority drop-down. Similarly, if the operator has selected Foreign in the Certificate Type drop-down, the Foreign CVCAs registered in the Trust Manager module are listed in the Certificate Authority drop-down. |
External CA | The External CA drop-down lists two types of External CAs. If ADSS SPOC is selected, a request to generate a DV certificate is sent to the configured SPOC server; all the SPOCs configured in the Manage CAs module are available in the drop-down list. If Offline CA is selected, a certificate request is created instead of a certificate; this request can be exported to the file system and then taken to the CVCA working in offline mode to get a certificate. |
Auto Rekey Certificate | If the Auto Rekey checkbox is checked, the DVCA certificate will automatically be rekeyed before its expiry. The rekey time can be set to a defined number of hours before the certificate expiry. To set it, navigate to Key Manager > Auto Renew Certificates. |
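The field rules in the CVCA and DVCA tables above can be checked before a request is submitted. The following is an added example, not ADSS Server code: it validates a Certificate Alias and shows how Country Code, Mnemonic and Sequence Number combine and change on rekey. The function names are hypothetical, the 2-letter country code and 5-character sequence number follow the Certificate Holder Reference layout in BSI TR-03110 rather than this page, and incrementing by one for the Numeric algorithm is an assumption.

```python
import re

# Alias and mnemonic limits come from the field descriptions above. The 2-letter
# country code and 5-character sequence number are taken from BSI TR-03110
# (assumption: ADSS Server follows that layout).
AKV_ALIAS = re.compile(r"[A-Za-z0-9-]+")
FORBIDDEN_ALIAS_CHARS = set("&<>")

def check_alias(alias, azure_key_vault=False):
    """Return a list of problems with a Certificate Alias (empty list = OK)."""
    problems = []
    if not alias:
        problems.append("alias is empty")
    bad = sorted(FORBIDDEN_ALIAS_CHARS & set(alias))
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    if azure_key_vault and alias and not AKV_ALIAS.fullmatch(alias):
        problems.append("Azure Key Vault HSM allows only A-Z, a-z, 0-9 and '-'")
    return problems

def build_chr(country, mnemonic, sequence):
    """Compose Country Code + Mnemonic + Sequence Number into one reference."""
    if not re.fullmatch(r"[A-Z]{2}", country):
        raise ValueError("country must be a 2-letter upper-case code")
    if not 1 <= len(mnemonic) <= 9:
        raise ValueError("mnemonic must be 1 to 9 characters")
    if not re.fullmatch(r"[0-9A-Za-z]{5}", sequence):
        raise ValueError("sequence number must be 5 alphanumeric characters")
    return country + mnemonic + sequence

def rekey_chr(chr_value):
    """Keep Country Code and Mnemonic; advance a numeric sequence number by one
    (assumed behaviour of the Numeric algorithm)."""
    prefix, seq = chr_value[:-5], chr_value[-5:]
    if not re.fullmatch(r"[0-9]{5}", seq):
        raise ValueError("this example handles numeric sequence numbers only")
    nxt = int(seq) + 1
    if nxt > 99999:
        raise ValueError("numeric sequence number space exhausted")
    return prefix + f"{nxt:05d}"

if __name__ == "__main__":
    # Constructed sample values ("UT" is a test country code, not a real issuer).
    print(check_alias("cvca_2024", azure_key_vault=True))
    first = build_chr("UT", "CVCATEST", "00001")
    print(first, "->", rekey_chr(first))
```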