This step defines how to create CV certificates profile in Certification Service. A CV certificate profile is a set of parameters configured within the ADSS Certification Service which defines the characteristics of a certificate. The profiles are created to manage request processing modes i.e. Automatic/Manual and other certificate attributes.


To manage CV Certificate Profiles, navigate to the following screen in ADSS Server Console:



To create a new profile, click the '+' button. We can also create a replica of an existing profile by clicking vertical eclipse and then 'Make a copy' button. Clicking on the New button will display the following screen:



Fill out the required information on Profile Identification screen. Once done, you will be navigated to Certificate Details. See the image below:



Fill out the required information on Certificate Details screen. Once done, you will be navigated to Request Processing Modes. See the image below:


 

Once all the configurations are done, click on the 'Save' button.


The configuration items are as follows:


Items

Description

Profile Identification

Defines the following:

Status

A CV certificate profile may be marked Active or Inactive. Note an inactive CV certificate profile will not be used to process certification requests.

Profile ID

A system-defined unique identifier for this profile.

Profile Name

An user-defined unique name for easier human recognition within the ADSS user Console. 

Profile Description

This can be used to describe the CV certificate profile in more detail (e.g. in which circumstances this certificate profile will be used and/or what sort of setting the certificate profile holds etc). This is for information purposes only.

Certificate Details

Defines the following:

CV Certificate Template

This field enables the user to select a template for the certificates issued using this profile. 

Use Validity Period from Template

This radio button enables the user to use the validity period defined in the selected CV Certificate Template.  

Use Custom Validity Period

This radio button enables the user to manually define the validity period of the certificates that will be issued using this profile. The user can select the number of Years, Months or Days from the drop-down field and define the required value in the corresponding field.

Request Processing Modes

Defines the following:

Automatic

The requests in Automatic mode will be processed automatically by Certification Service where no manual intervention by any user is required. The requests differs in case of both CVCA and DVCA as shown below:

  • For CVCA instance:
    • CA Certificates Requests: SPOC makes these requests to get the CA Certificates that include CVCA and link certificates
    • Foreign Certificates Requests: to get certificates for foreign DVCAs
    • Domestic Certificates Requests: to get certificates for domestic DVCAs
  • For DVCA instance: 
    • CA Certificates Requests: Inspection Systems make these requests to get the DVCA and root CVCA certificates
    • Inspection Systems Certificate Requests: to get inspection system certificates issued by a DVCA

Manual

The requests in Manual mode will be processed manually where an user can look into the contents of the request, invoke any vetting rules and approve or decline the request.  

Process Authenticated Requests without Approval

By marking this checkbox, the authenticated requests will be processed automatically even they are selected for Manual mode. The authenticated requests are approved by a foreign CVCA while requesting a foreign DVCA certificate by computing a signature over certificate request using CVCA key. Another form of authenticated requests are those where a DVCA (domestic/foreign) requests a re-key of the certificate and computes a signature over certificate request using its old key. The special signature over the certificate request can be digitally verified using the relevant public key, and due to this manual approval can be skipped for such requests. 

Note: This checkbox remains disabled if only 'CA Certificates Requests' will be selected for Manual mode because for these requests this is irrelevant. 


The list of existing certificate profiles can be sorted in either ascending or descending order by selecting a table column from the drop down list. 


Clicking on the 'Advanced Search' button on the CV Certificate Profile main page will display following screen:



The profile can be searched based on Status, Profile ID, Profile Name and Validity Period. If a search is based on multiple values, then these will be combined together using the “AND” operand, and thus only records that meet all the criteria will be presented.


See also

Service Manager

Certification Profiles

CV Certificate Profiles

Attribute Profiles

Directory Integration

Identity Certificates

Attribute Certificates

Transaction Logs

Log Archiving

Alerts

Advanced Settings