Introduction


Vetting is the process to investigate (someone) thoroughly, especially in order to ensure that they are suitable for a job requiring secrecy, loyalty, or trustworthiness.

Similarly, the digital certificates are legal identities for humans and businesses and the Certificate Authorities (CAs) held responsible to issue the certificates to the valid legal identities. To make sure that the requesting entity (a person or a business) is legally authorized to have a certificate, the CAs and RAs introduce the vetting process. Vetting process checks for validation of the information provided by the requester automatically or manually. The following are some examples of the vetting checks performed by and RAO and these checks can vary based on the certificate types:


  1. Validity of the email address
  2. Proof of employment 
  3. Proof of organization
  4. Proof of domain ownership
  5. Operational existence
  6. Physical address
  7. Final verification call etc.


Web RA provides an option to define the dynamic vetting form for each certificate profile to provide additional information with a certificate request. You can design vetting forms within Web RA and can associate them with the Service Profiles, i.e. Certification Service Profile or CSP Service Profile. These forms are shown to the end user whenever they request a certificate against these certification profiles i.e., an SSL certificate with an SSL certificate profile or a signing certificate with a signing certificate profile.


How It Works?


  1. The vetting can be performed either by the Web RA Administrators (Admin RAO) or the Enterprises Administrators (Local/Enterprise RAO) based on the criticality of the certificates. The certificate issuance time for the these certificates can vary from hours to days based on the criticality and the complexity of the validation process. In a standard use case the following certificates are usually vet by the Admin RAO because they require more critical validation and responsibility: 
    1. TLS Server Authentication certificates
    2. Code Signing certificates
    3. eSeal/Legal Person/Organizational certificates
  1. The following certificates can be vetted by the Enterprise RAO and can be issued in minutes to hours depending upon the vetting process:
    1. Document Signing certificates
    2. Email Signing certificates
    3. TLS Client Authentication certificates etc.

An option exists in the ADSS Service Profiles to decide whether a certificate will be vetted by the Administrator RAO or the Enterprise RAO.


Create a Vetting Form


To use the vetting forms with the certificate requests, you need to set the Vetting Method Settings to Manual Vetting from the Configurations > Default Settings otherwise vetting forms will not be displayed to the end user while submitting the certificate requests.

If the Vetting Method Settings is changed to None from the General Settings then vetting form will not be shown to the end users even if these are configured in the ADSS Service Profiles


  1. Click Vetting Forms from the left menu.
  2. Click  from the grid header. 
  3. A dialog will appear to add the vetting form details. Specify the details and click Save to proceed to form designing.
  4. A screen will appear to add fields in the vetting form. Drag and drop the required fields in the form and customise them. See the below table for fields description.
  5. When you are done with the vetting form designing, click Close.
  6. A new vetting form will be created and displayed in the list.


Basic Information

Field

Description

Name

Specify a unique name for this vetting form, i.e. My Vetting Form. The vetting forms are used in the configuration of ADSS Service Profiles. 

Provider

Specify any description related to this vetting form for your record.

Subscriber Agreement

This field will display the list of active subscriber agreements in Web RA. Select the one to use for this vetting form. The users requesting certificates will have to agree with this agreement clauses during vetting process.

Active

Tick this check box to make this vetting form active. Inactive vetting forms cannot be configured in the ADSS Service Profiles.




Details

Field

Description

Language

Select a language in which this vetting form should appear to the operator/user. Web RA currently supports English, French and Arabic languages.




Supported Field Types

Field

Description

Text

Add this field to get any textual information of the user, i.e. User Name, Address, Reason of Certificate Request, etc.

Email

Add this field to get any email of the user, i.e. Personal Email, Official Email, etc.

File Upload

Add this field to get any document attachment of the user, i.e. User Photo, Identity Card, Declaration, etc.

Number

Add this field to get any numeric information of the user, i.e. User Mobile Number, National ID, NTN, etc.

Checkbox

Add this field to allow selecting multiple options for a user from the predefined listed items, i.e. User certificate has expired, user certificate has been revoked, user requires certificate for personal use, user requires certificate for official use, user has a bank account, etc.

Radio

Add this field to allow selecting a single option for a user from the predefined listed items, i.e. Gender, Marital Status, etc.

Dropdown

Add this field to allow selecting a single option for a user from the predefined drop-down list, i.e. Age Group, Qualification, etc. After the drag and drop activity, click the field to customise it.

Date

Add this field to get any date related information of the user, i.e. User Date of Birth, Certificate Expired Date, Certificate Revoked Date, etc.

Time

Add this field to get any time information of the user, i.e. Time of certificate request, etc.



The following is the explanation of each attribute against the above fields where applicable:


  • Name: Specify a name for this field that will be shown to a Web RA operator/user, e.g. User Name, Marital Status. This Name field is mandatory for all field types. A default value for each field is set when you drag the field i.e. if you are dropping TEXT field, the name will be TEXT, and it will be saved for all supported languages.
  • Description: Specify any helpful information related to this field that could be shown to a Web RA operator/user on the field tool tip.
  • Default Value: Specify a value that you want to be auto filled in by the system. If a Web RA user does not provide any information in this field while filling vetting form then the default value will set. Make this field empty if you want the user to provide the information.
  • Placeholder: Specify any hint regarding this field that could be shown as placeholder to a Web RA operator/user, from which they may get an idea as what to enter. The supplied text will be available inside the field in different color, and will vanish on data entry.
  • Min Length: This is a field validation check to allow getting textual information in a particular characters range. Specify the minimum number of characters that can be filled in this field. Web RA will enforce a Web RA users to at least enter this much characters in the field.
  • Max Length: This is a field validation check to allow getting textual information in a particular characters range. Specify the maximum number  of characters that can be filled in this text field. Web RA will restrict a Web RA users to enter characters beyond this limit.
  • Max File Size: This is a field validation to allow uploading a certain size of file. Specify the maximum file size in KBs (i.e. 1000) that can be uploaded against this field. Web RA will restrict a Web RA operator to upload a file beyond this limit.
  • Allowed File Extensions: Specify the types of files (i.e. jpg, png, doc, etc.) that can be uploaded against this field. Write extension and press enter. Extension tag will be added.
  • Allow Multiple Uploads: Tick this check box to allow a Web RA operator/user to upload multiple user files against this field.
  • Options: Specify the relevant text to be shown as options to a Web RA operator/user for selection, i.e. User certificate has expired, user certificate has been revoked, Marital Status, Qualification etc.
  • Start Date: This is a date validation check to allow getting user date in a particular date range. Specify the starting date i.e. 01-01-1970 that can be earliest filled in this date field. Web RA will restrict a Web RA operator/user to select a date before this date.
  • End Date: This is a date validation check to allow getting user date in a particular date range. Specify the ending date i.e. 31-12-2050 that can be latest filled in this date field. Web RA will restrict a Web RA operator/user to select a date beyond this date.
  • Required: Tick this check box to make this text field mandatory for a Web RA users to fill in before submitting the vetting form on create request. 


Configure a Vetting Form


A vetting form is separately associated with each service profile (i.e. Certification and CSP) to cater vetting services for the issuance of respective certificates. The process of configuring a vetting form in both the service profiles is exactly the same. You can configure a single vetting form with both the service profiles or may create different vetting forms for each service profile.


  1. Click External Services from the left menu.
  2. Click ADSS Service Profiles.
  3. Search the service profile (i.e. Certification or CSP) in which vetting form is required to configure and click  adjacent to it from the main grid and choose Edit option from menu.
  4. The Service Profile dialog will appear comprising of four screen, i.e. Basic Information, Profile Settings, Advanced Settings and Details.
  5. Go to Details tab.
  6. Select Manual Vetting from the Vetting Option field.
  7. Select a vetting form from the Vetting Form field. Only the Active forms will be available for selection.
  8. Click Finish to save the configurations.
  9. Click the Publish Changes button from the top right corner for the changes to take into effect.


Edit a Vetting Form


  1. Click Vetting Forms from the left menu.
  2. Search the Vetting Form (to edit) and click  adjacent to it from the main grid and choose Edit option from menu.
  3. The Vetting Form screen will appear in editable mode. Add/ Update/ Remove/ Change Properties of the fields in the form as required.
  4. Click Close to save the form. 
  5. Click the Publish Changes button from the top right corner for the changes to take into effect.

As long as a Vetting Form is being used in the configuration of any Service Profile, it can not be edited.

Edit a Vetting Form Details


  1. Click Vetting Forms from the left menu.
  2. Search the Vetting Form (to edit) and click  adjacent to  to it from the main grid and choose Edit option from menu.
  3. The Vetting Form screen will appear in editable mode. Click  adjacent to vetting form name.
  4. The "Edit Vetting Form" dialog will appear, displaying the previously configured form details.
  5. From here you may rename the Vetting Form, edit its Description, Subscriber Agreements, or Status as required.
  6. Click Save from the opened dialog.
  7. Click Close from the form screen. 


Delete a Vetting Form


  1. Click Vetting Forms from the left menu.
  2. Search the Vetting Form (to delete) and click  adjacent to it from the main grid and choose Delete option from menu.
  3. A confirmation message will appear, click Yes.

As long as a Vetting Form is being used in the configuration of any Service Profile, it can not be deleted.