The following configurations relating of the Certification Service can be made within Client Manager

  • Allow the client to access ADSS Certification Service.
  • Assign the Certification Profiles which can be accessed by this client.
  • Configure a default Certification Profile for this client.


Once a client is registered, permissions to access the Certification Service can be granted by editing this client. On the edit screen, clicking on the Certification Service link at the top of the page shows the following screen:



The configuration items are as follows: 


Items

Description

Allow this client to access the ADSS Certification Service

To grant the client access to the ADSS Certification Service, select the Allow this client to access the ADSS Certification Service checkbox. This enables the client to submit certification service requests to the ADSS Server. If the application also requires access to other ADSS services, such as verifying signed documents or validating certificates, navigate to the respective links (e.g., Verification Service) to configure the necessary permissions.

Certification/Attribute Profile

The next step involves specifying which certification or attribute profiles (configured within the ADSS Certification Service) should be accessible to this client. Certification and attribute profiles define the characteristics of the certificates issued under them, such as their validity period and internal attributes. By default, all existing certification and attribute profiles are available to newly registered clients. However, different clients may require access to specific profiles.


To grant access to a particular certification or attribute profile, move the desired profile from the Available Certification/Attribute Profiles list (left-hand box) to the Selected Certification/Attribute Profiles list (right-hand box) using the >> button. Clients can only use the profiles listed in the Selected Certification/Attribute Profiles section. To revoke access to a profile, use the << button to move it back to the left-hand box.

Profile Usage Map

The Profile Usage Map button provides an overview of which profiles are being used by which clients.

Default Certification/Attribute Profile

The Default Certification/Attribute Profile defines which profile to use in case the request message from this client does not reference any specific certification/attribute profile.

Enable Service Plan for this Client

Enabling this option allows the client to access service plan configuration settings.

Transaction Limit

This field lets the operator define the maximum number of transactions the client can perform. 

The value must range between 1 and 9,223,372,036,854,775,807. A value of '0' is not permitted.

Apply Transaction Limit by Request Type

This option allows the operator to set transaction limits based on specific request types. For the Certification Service, the available request types include: 

  • Change Password
  • Recovery Key
  • Create
  • Delete
  • Revoke
  • Renew
  • Rekey
  • Import
  • Authorize
  • Unauthorize
  • Get Profile Info
  • Send SCT
  • CA Certs
  • Get Certificates

Start From

Select the starting date when the service plan will be started. 

Expire After

Define the duration after which the service plan will expire. Users can specify the expiry period by selecting a number of days, months, or years.

Send alerts when the service plan has expired

By enabling this checkbox, an alert will be sent to the client when the plan has expired.

Send alerts before this service plan expires

When enabled, this checkbox activates a field where the user can specify the number of days before the plan’s expiry to send an alert to the client.   

Send alerts when transaction limit has been reached

Enabling this option sends an alert to the client when the transaction limit reaches a specified percentage, as defined by the user.

Auto-Renew service plan before expiry by

This option allows the user to configure automatic renewal of the service plan before its expiry by specifying a time frame in hours, days, or months.

Auto-Renew service plan when transaction limit is reached

Enabling this option sets the service plan to renew automatically once the transaction limit reaches the defined percentage.

Renew Service Plan

This button allows the user to manually renew the service plan. Note that this button is disabled if auto-renewal options are selected.

EST Client Authentication Settings

When the client communicates with the ADSS Server over mutual TLS and the Require HTTP Basic Authentication with TLS Client Authentication checkbox is enabled, both the TLS client authentication certificate and the client credentials (ClientID and Client Secret) are required for identifying and authenticating the client registered in the Client Manager. However, if the client does not use mutual TLS and this option is enabled, the checkbox will be disregarded, and the client will instead be authenticated using HTTP Basic authentication.


​The alert checkboxes will trigger alerts only if the client has configured both an email address and a mobile number in general settings for the client.


Click the Save button when the list is updated to store the changes.

​Whenever configurations are updated on this page remember to restart the Certification Service and have the changes take effect.


See also

Signing Service
Certification Service
Verification Service
SAM Service
RAS Service
CSP Service
Unity Service
Advanced Settings