Certification Service

The following configurations relating of the Certification Service can be made within Client Manager

Allow the client to access ADSS Certification Service.
Assign the Certification Profiles which can be accessed by this client.
Configure a default Certification Profile for this client.
Configure a default CV Profile for this client if you are using the service to issue certificates for E-Passport PKI.

Once a client is registered, permissions to access the Certification Service can be granted by editing this client. On the edit screen, clicking on the Certification Service link at the top of the page shows the following screen:

Select the Allow this client to access the ADSS Certification Service check box. This ensures that the client can make certification service requests to ADSS Server. If the application also needs to access other ADSS services (e.g. verifying signed documents or validating certificates) then the relevant links (e.g.Verification Service) should be followed to allow permissions for these services.

The next action is to define which certification/attribute profiles (configured within the ADSS Certification Service) are to be made available to this client. Remember that certification/attribute profiles are configurations that define the characteristics of the certificate to be issued under this profile (e.g. its lifetime and internal fields). By default all the existing certification and attribute profiles will be made available to each newly registered client. Different clients may need to have access to different certification and attribute profiles. In order to allow access to a particular certification or attribute profile, simply move that profile from the left-hand group box labelled Available Certification/Attribute Profiles to the right-hand group box labelled Selected Certification/Attribute Profiles using the >> button shown in the screenshot above. Clients can only reference those certification/attribute profiles that are shown in the Selected Certification/Attribute Profiles. To remove access to a particular profile use the opposite << button to move the relevant profile back to the right-hand box.

The Profile Usage Map button provides an overview of which profiles are being used by which clients.

The Default Certification/Attribute Profile defines which profile to use in case the request message from this client does not reference any specific certification/attribute profile.

The Default CV Profile defines which profile to use in case the request message from this client does not reference any specific CV profile.

When the client is communicating with ADSS Server over a mutual TLS and 'Require HTTP Basic Authentication with TLS Client Authentication' checkbox is enabled, then, both TLS client authentication certificate and client credentials (i.e ClientID and Client Secret) are required to identify and authenticate the client registered in Client Manager. If the client is not communicating over mutual TLS and this option is also enabled, then, this checkbox will be ignored and the client will be authenticated using HTTP Basic authentication.

Note: The above configuration will only work with EST interface of Certification Service.

Click the Save button when the list is updated to store the changes.

Whenever configurations are updated on this page remember to restart the Certification Service and have the changes take effect.