The ADSS Certification Service allows client applications to request the generation of keys and certificates on behalf of end users /customers. These keys and certificates can later be used within the ADSS Signing Service for server-side signing of documents as explained in the previous section. The following illustrates the use of the ADSS Certification Service with an external CA:

                                                        


  1. The client application registers end users or customers. The details of this interaction are outside the scope of the ADSS Server. The identification and authentication of end customers by the client application could for example be based on simple username/passwords, smartcards or one time password (OTP) tokens. 
  2. Upon registration of the customer, the client application then requests ADSS Server to generate keys on behalf of the customer and to certify the public key. ADSS Server generates a public key pair based on the configured certification profile and saves this inside either the HSM or database in case of software mode.
  3. ADSS Server then requests the certification of the public key from the configured external CA.  
  4. The CA provides the certificate, and ADSS Server again saves this in the HSM or database alongside the (protected) private key.
  5. ADSS Server then provides a response message back to the client application on the success or failure of the operation.


An internal CA module is also provided as part of the ADSS Server as an alternative to using an external CA.

See also

Identity Proven, Trust Delivered

ADSS Server Features and Benefits
ADSS Server Trust Services
ADSS Server Architecture & Interfaces
ADSS Signing Service Overview
ADSS Verification Service Overview
ADSS Certification Service Overview
ADSS OCSP Service Overview
ADSS TSA Service Overview
ADSS XKMS Service Overview
ADSS SCVP Service Overview
ADSS LTANS Service Overview
ADSS Decryption Service Overview
ADSS CRL Monitor Overview