Clicking the Issued Certificates link lists all the issued certificates in descending approved date/time order that the RA Operator is authorised to see based on the assigned categories. RA Operator can select a certificate and click Details to view more information or click Revoke to initiate the revocation process or click Download to see the issued certificate.

Navigate to the following location of the ADSS Server Console:

The above screen shows a table of the issued certificates. These can be sorted in either Ascending or Descending order according to the criteria: Log ID, User Name, Cert Alias and Approval Date.

Clicking on Log ID or Details button will show the following page:

When user clicks on the Certificate Alias from the table above, the issued certificate is shown in certificate viewer like:



Clicking the New button allows an ADSS RA Service Operator to create a new certificate.

This screen allows a suitable authorized RA Operator to enter the certificate credentials and request a new key and certificate (PKCS#12/PFX). If dual control is enabled then the request is sent to the Security Officer for approval.

If dual control is disabled then the ADSS RA Operator is taken to a screen showing the following message: “Certificate (PFX/PKCS#12) generated. Click Download link below to get the certificate”.

The configuration items are as follows:

Items

Description

User Name

Username of the requester, this is used in renewal notifications.

Email

Email address of the user.

Category

The associated category of this device.

RA Profile ID

It shows profiles filtered on selected categories.Only assigned categories are shown. The DNs are set based on the attributes defined in the RA profile. Operator cannot update DN attributes which are hard wired in the RA Profile e.g. OU=OU rather only those which are represented with $ symbol e.g. CN=$CN.

View Profile

It shows a quick view of the RA Profile. 

PFX/PKCS#12 Password 

Password for the newly generated PFX/PKCS#12 

Distinguish Name Attributes

It shows fields matching the RA Profile. At least one attribute must be filled to register the device.


The special characters  &, <, > can not be used in Certificate Common Name.


All special characters except '$' sign can be used in Subject Distinguished Name.


Subject Alternative Name (SAN)

Provide the subject alternative name if you wish to add SAN extension in the certificate. You can add as many SANs as required by clicking the + button. We support rfc822Name, dNSName, iPAddress and otherName as subject alternative name that can be added through the console.

Note: SAN extensions must be enabled in the required certificate template in order to add these values in a certificate. If SAN extensions are not enabled in the template then the values provided in the field(s) will be discarded.


Following page is shown by clicking the Revoke button:

When a certificate is revoked from the above page then a certificate revocation request is sent to the ADSS CA Server to revoke the certificate.

A certificate can be reinstated if it is revoked with revocation reason certificateHold.


The screen for Issued Certificate is used to generate end user certificates in a face to face meeting. These certificates are generated right away after submitting the form so no request is shown in pending state for approval or decline.  If a review of this form is required by another administrator then consider enabling dual control for the RA Service > End-User Certificates module. Click here for help.


Clicking on the Search button displays the Search RA Profiles page as shown below:

Enter search criteria based on the Serial No, Subject DN, User Name, RA Profile, Category and Status. If more than one search parameters is provided, these are combined using the AND operator and the results are presented accordingly.


If "_" character is used in the search then it will act as wildcard.



See also

Pending Requests

Declined Requests