Create CV Certificates - ADSS-Admin-Guide

Home > Key Manager > Service Keys > Creating CV Certificates > Create CV Certificates

Create CV Certificates

The creation process for both CVCA and DVCA Certificates are explained below:

Create CVCA Certificates

When the operator will select a key to certify with the purpose 'Country Verify CA (CVCA)', the following screen will be displayed:

The details are as follows:

Item	Description
Key Alias	Displays the name of the key pair to be certified.
Certificate Template	Displays the purpose defined for the key pair within ADSS Server.
Certificate Alias	Defines a unique internal name for the certificate (referred to as an alias) If the crypto source is Azure Key Vault HSM, then only characters A-Z, a-z, 0-9 and hyphen "-" are supported for certificate alias The special characters &, <, > can not be used in Certificate Alias
Country	This fields allows the operator to select the certificate's country from a drop-down list containing the countries.
Mnemonic	It is a unique identifier of a certificate that differentiates it from other certificates. The field allows the operator to fill up to 9 characters in the field, more than 9 characters are not allowed.
Sequence Number Algorithm	The sequence number also works as an identifier for a certificate that must have numeric or alphanumeric values. At the time of re-key of a certificate, the sequence number algorithm is required, where the new certificate will hold the same Country Code and Mnemonic but a new sequence number. The sequence number will be decided by the algorithm selected from the below options: Numeric In case of Numeric Sequence Number Algorithm, the sequence number will consist of 5 numeric digits. The generation of the next sequence number will depend on the value entered by the operator in the text field. Alphanumeric In case of Alphanumeric Sequence Number Algorithm, the sequence will consist of 5 alphanumeric values that can contain characters varying from "0-9", "a-z" and "A-Z". Use Country Code in Algorithm If this checkbox is checked, the sequence will consist of 5 alphanumeric values. The first characters will be two-letter country code e.g GB and the remaining three characters will be based on the numeric/alphanumeric type selected.
Auto Rekey Certificate	If the Auto Rekey checkbox is checked, the CVCA certificate will automatically be re-keyed before it's expiry. The rekey time can be set to defined number of hours before the certificate expiry. Navigate to Key Manager > Auto Renew Certificates.

Create DVCA Certificate

Before creating a DVCA Certificate, configure Domestic or Foreign CVCA in the Trust Manager module. Also, the operator must register a SPOC Server in External CAs module. To register a SPOC Server, click here.

When a SPOC Server is registered, the operator will select a key to certify with the purpose 'Document Verifying CA (DVCA)', the following screen will be displayed:

The details are as follows:

Item	Description
Key Alias	Displays the name of the key pair to be certified.
Certificate Template	Displays the purpose defined for the key pair within ADSS Server.
Certificate Alias	Defines a unique internal name for the certificate (referred to as an alias) If the crypto source is Azure Key Vault HSM, then only characters A-Z, a-z, 0-9 and hyphen "-" are supported for certificate alias The special characters &, <, > can not be used in Certificate Alias
Country	This fields allows the operator to select the certificate's country from a drop-down list containing the countries.
Mnemonic	It is a unique identifier of a certificate that differentiates it from other certificates. The field allows the operator to fill up to 9 characters in the field, more than 9 characters are not allowed.
Sequence Number Algorithm	The sequence number also works as an identifier for a certificate that must have numeric or alphanumeric values. At the time of rekey of a certificate, the sequence number algorithm is required, where the new certificate will hold the same Country Code and Mnemonic but a new sequence number. The sequence number will be decided by the algorithm selected from the below options: Numeric In case of Numeric Sequence Number Algorithm, the sequence number will consist of 5 numeric digits. The generation of the next sequence number will depend on the value entered by the operator in the text field. Alphanumeric In case of Alphanumeric Sequence Number Algorithm, the sequence will consist of 5 alphanumeric values that can contain characters varying from "0-9", "a-z" and "A-Z". Use Country Code in Algorithm If this checkbox is checked, the sequence will consist of 5 alphanumeric values. The first characters will be two-letter country code e.g GB and the remaining three characters will be based on the numeric/alphanumeric type selected.
Certificate Type	This drop-down field allows the operator to select the certificate type i.e. Domestic or Foreign.
Certificate Authority	If the operator has selected Domestic in Certificate Type drop-down field then list of Domestic CVCAs registered in Trust Manager module will be available in Certificate Authority drop-down. Similarly if the operator has selected Foreign in Certificate Type drop-down field then list of Foreign CVCAs registered in Trust Manager module will be available in Certificate Authority drop-down.
External CA	The External CA drop-down will list two types of External CAs: ADSS SPOC Offline CA If ADSS SPOC is selected, a request to generate a DV certificate will be sent to the configured SPOC server. All the SPOCs configured in Manage CAs module will be available in drop-down list. If Offline CA is selected, a certificate request will be created instead of a certificate. This request can be exported to the file system and then taken to the CVCA working in offline mode to get a certificate.
Auto Rekey Certificate	If the Auto Rekey checkbox is checked, the DVCA certificate will automatically be rekeyed before it's expiry. The rekey time can be set to defined number of hours before the certificate expiry. Navigate to Key Manager > Auto Renew Certificates.