In an ePassport Extended Access Control (EAC) infrastructure, the SPOC acts as a bridge to forward DV certificates requests to national and foreign CVCAs. The domestic DVs make requests to SPOC to get a certificate from national or foreign CVCAs. For this purpose, ADSS SPOC is configured on a DVCA instance as an external CA.

Select the SPOC Server from the CA Type drop down. The following page will be shown to configure the SPOC Server:

The items in the above screen are described below:

Items

Description

CA  Alias

An operator-defined unique name for easy management of SPOC Servers within ADSS Server. This is only for human identification purposes.

CA Type

ADSS Server (DVCA) can be configured to get the certificates from the ADSS SPOC Service. The supported request types are:

  • Create Domestic DV Certificate
  • Create Foreign DV Certificate
  • Rekey DV Certificate (Domestic/Foreign)

SPOC Country

This field allows you to select the required country from the drop-down for which SPOC Server is supported.

SPOC URL

This is the URL that will be used to communicate with ADSS SPOC Service. 

TLS Client Authentication

It is required for communication with the SPOC Server over the TLS Client Authentication. Select a TLS Client Authentication Certificate which pre-exists in the Key Manager

Note: ADSS SPOC Service communicates over mutual TLS so a TLS Client Certificate must be configured here. 

Certificate

The certificate that will be used for communication with SPOC Service over TLS.


See also

ADSS CA Server

Microsoft CA
Symantec MPKI
GlobalSign EPKI
GlobalSign HVCI
EJBCA
QuoVadis CA
Entrust CA

Entrust CA Gateway
Offline External CA
DigiCert PKI

DigiCert ONE MPKI
SPOC Server