Certificate Center is a central location that provides a complete list of all the certificate requests, and provides the capability to manage all certificates keys. This certificate can be used for multiple purposes including document signing, remote authorization signing etc. Certificate request can be for Issuance/approval, renewal and revocation.


How it Works?

  1. You can create a certificate request, using  icon on top right. Select a purpose and certificate usage as per requirement. Provide all the required information for certificate generation (i.e. Subject Distinguished Name, Subject Alternative Name etc.) depending upon the selected  certificate type.
  2. A certificate request once created, will appear in Draft state (if the request not yet completed). Click on  icon and select Edit to complete a certificate request. Once a request completed, it will be shown as Approved under certificate requests list.
  3. A certificate information can be viewed or downloaded from Certificate Requests list. Click  icon and select View or Download option. on view a dialog will appear to show certificate related information and on download it show a dialog to save certificate.
  4. Certificate renewal or revocation requests can be generated from Issued Certificates list. Click on  icon and select Renew or Revoke accordingly. A dialog will appear for confirmation, upon confirmation next dialog will appear  where you can add a message to renew or revoke certificate. 

One Time password (OTP) can be set as authentication at the time of request submission for certificate issuance, renewal and revocation, based on certificate criticality. See details in External Services > Connectors> SMS Gateway.



Create Certificate Requests


If you want to create a certificate request, then follow these steps:

  1. You can create a certificate request, using  icon on top right.
  2. Provide all the required information, as required by ADSS Web RA to complete the vetting process.


           


  1. Email notification will be sent to RA (Registration Authority) for request approval.


  • When a user creates a new certificate request, the SDN and SAN will be rendered as per the configurations of the ADSS Certification Profile and its values will be auto-filled from the certificate details. 



  • A user will not be able to the change the values of the RDNs if an operator has configured them in the certificate details.



  • An operator will see the rendered values in a disabled form. 



  • In case of PKCS10, if the RDN values in the CSR are different than configured RDN values in the certificate details of the user, it will show an error to the user that the information in the CSR is different from the details of the configured certificate. 



           


  • If there is an RDN that is added in ADSS Certification Profile, but has not been configured in the User Certificate details, then it will be shown as editable in the request form and the user can update its value.



  • If no RDN is configured in the user certificate details then the request will be generated.



  • In case of an error, the user will not be allowed to move to the next step. 



All the certificate requests related to the user will be listed here. See the following table for the column headers description:


Field

Description

Request No

This column displays the unique auto generated request number against each certificate request. Click on it to view the details of the certificate request.

Certificate Type

This column displays the type of each requested certificate, i.e. Document Signing etc.

Status

This column displays the current status of each certificate request, i.e. Approved, Declined, or Pending. It also shows the date on which the request status was put up.

Approved: A certificate request that has been sanctioned by RA (Registration Authority). The approved requests imply that the certificates have been issued/ revoked/ renewed against them. 

Declined: A certificate request that has been turned down by RA (Registration Authority). The declined requests imply that the certificates issuance has been refused against them.

Pending: A certificate request that has not been processed by RA (Registration Authority) as yet. The pending requests imply that the RA (Registration Authority) need to review the vetting details and take appropriate actions (i.e. Approve or Decline) against them.

Draft: A certificate request that has been created but not processed by user yet. The draft requests imply that the user needs to fill the vetting details and take appropriate actions (i.e. Create, Submit) against them.



1) Certificate will be generated on approval of request. An email and on screen notification will be received to user on approval.

2) An optional message can be added while approving a certificate request, which later also shows under email notification body against certificate approval email. For auto approval this option doesn't show, whereas in case of dual control the message only receives to user once the second reviewer approves a certificate request.

 

Certificate Requests (Dual Control)


If you want to create a certificate request, follow these steps:

  1. You can create a certificate request, using  icon on top right.
  2. Provide all the required information, as required by ADSS Web RA to complete the vetting process. (Step-by-step screenshots attached below)


Select the Certificate Type, and click Create.


               



Fill in the details of SDNs, Certificate Validity and Vetting Form click Submit


           


Then move to the Admin Portal. Admin > Certificate Requests (Dual Control).


Once the certificate is issued, it can be seen in the Issue Certificates listing.

      

Suspend Certificate 


Certificate suspension is an action that ensures temporary invalidity of a certificate. 


To suspend a certificate, the user is first required to revoke the certificate as shown in the screenshot below:




           


The Admin will then approve the revocation request from the Admin Portal.


Admin > Requests > Revocation Requests.


Reinstate Certificate 


A user can reinstate a certificate that is suspended. 


Web > Certificate Center > Issued Certificates.


You can see the certificate listing. Click and then click Reinstate as displayed below:


           


A confirmation message will appear on the screen, click Yes to proceed. 



           


Upon confirmation another dialog will appear when the user is required to enter a message and then click Reinstate. Then a roaster message will appear Reinstate request submitted. 


             


An administrator will then approve the reinstate request from Admin Portal. 


Admin > Requests > Revocation Requests.

View Issued Certificates 


Once a certificate is approved, it will be shown under Certificate Center > Issued Certificates list with Issued status. See following table for the each column header details.


Field

Description

Request No

This column displays the unique auto generated request number against each certificate request. Click on it to view the details of the certificate request.

Full Name

This column displays the full name of each certificate including serial number of certificate.

Certificate Type

This column displays the purpose/ type of each requested certificate, i.e. Document Signing, TLS Server Certificate, etc.

Status

This column displays the current status of each certificate, i.e. Issued, Revoked, or Expired.

Issued: A certificate that has been issued or renewed by RA (Registration Authority). These are the usable certificates.

Revoked: A certificate that has been revoked/ cancelled by RA (Registration Authority). The revoked certificates cannot be used by the users.

Expired: A certificate that has been expired as per its configured time period. The expired certificates cannot be used by the users till they are renewed.

Pending Renewal: A certificate request for renewal has been sent to RA (Registration Authority).

Pending Revocation: A certificate request for revocation has been sent to RA (Registration Authority).

Expiry Date

This column displays the date of each certificate on which they will expire.


A user can delete an issued certificate from the listing, as shown below:


The 'Delete' option is available for all certificates' status (Issued, Expired and Pending).


               


Once you click the Delete Certificate button, a confirmation message will appear. Click on the Yes button to confirm your action. 

 

             



Rekey Requests

In case of Server Certificates:

  • Click on rekey certificate to open the request form from the list of issued certificates.



             


  1. The request form fields will be disabled. The user can view all sections of the request and click on the 'Rekey' button to rekey the certificate. 
  2. By clicking on the 'Close' button, no action will be performed and the user will redirect to the list of issued certificates.
  3. By clicking on the 'Rekey' button, if OTP is enabled in the profile, then the dialog will appear with OTP details to rekey the certificate.



           


  • If the vetting for request is enabled, click on the 'Rekey' button, a request category will be created with status “Pending” and email will be sent to the administrator to approve the request category to rekey certificate. Existing certificate status will be changed to “Pending Rekey”.



  • If the vetting for request is disabled, click on the 'Rekey' button, a new request and request category will be created with status “Approved” and certificate will be rekeyed. Existing certificate status will be changed to “Revoked”.

Rekey Requests > CSR or Smart Card


In case of CSR or Smart Card Certificates


Click on the 'Rekey Certificate' to open a request form from the list of issued certificates. 

 

         


  • If the vetting for request is enabled, click on the 'Rekey' button, a request category will be created with status “pending” and email will be sent to the administrator to approve the request category to rekey certificate. Existing certificate status will be changed to “Pending Rekey”.



  • If the vetting for request is disabled, click on the 'Rekey' button, a new request and request category will be created with status “approved” and certificate will be rekeyed. Existing certificate status will be changed to “Revoked”.



Left Menu > Rekey Requests Listing


  • By clicking on the “Rekey Requests” option from left side menu, user will be able to see all requests of rekey certificates with its status information.



  • This option is role based, if “Rekey Requests” are not allowed in role, this section will be hidden for user of that particular role.


       


User can see “Message” tab on declined rekey request by clicking on view request option from listing. It will show the reason of decline by administrator.



       



 Certificate History 


ADSS Web RA allows its users to view Certificate History for rekeyed and reissued certificates. 


Web > Certificate Center > Issued Certificates 


       


Then click on and then History, to view the history of rekeyed / reissued certificates. 



       




Certificate Revocation Requests


  1. Click Certificate Center > Issued Certificates from the left menu.
  2. Search the certificate for which revocation is required and click  adjacent to it from the main grid and select Revoke.
  3. A confirmation message will appear. Click Yes.
  4. Provide the information required by RA (Registration Authority) for revocation process.
  5. Click Revoke.
  6. Request will be submitted to RA (Registration Authority)  for revoke certificate.
  7. Email Notification will be sent to RA (Registration Authority) for revocation approval request.
  8. Certificate will be revoked on approval of request. You will receive an email and on screen notification.
  9. Request status will be changed to Approved and certificate with status Revoked will be available in Certificate Center > Issued Certificates list.

Certificate status under Issued Certificates list will remain as Pending Revocation until request approved by enterprise RAO.


Certificate Re Issuance


  • A certificate can be reissued once it is revoked. The user can request for re-issuance of the certificate upon which the system will calculate its validity automatically and issue a new certificate for the remaining validity period
  • A new option “Re-Issue Certificate” will appear in the certificate listing when you right click on the revoked certificate. This option will be available only if the certificate status is revoked and its expiry date has not passed
  • Reissue certificate will send the request for vetting if the same certificate was created with vetting previously
  • Re-Issue certificate option will be based on the enterprise role assigned to the user


             


Once you click 'Re-issue Certificate', a confirmation dialog will appear. 


                 


  • Upon confirmation, all requested data will be copied to new request data will be copied to new requests and requests will be added for submission or certificate generation-based configuration in profile. 


  • Users can also request re-issuance from certificate lists of the following areas:


    • Certificate Center
    • Virtual ID
    • Desktop Signing
    • Device Enrolment
    • Signinghub



  • Second-factor authentication for Re-issuance of certificate will be controlled by profile similar to what we follow in the case of renew and revoke certification.


 

Access Control Information


There are some certain rules that will be followed while managing or viewing certificates requests list and it's related information. These rules are based on the user's type which includes Enterprise RAOs, Admin RAOs or Administrators.


Roles

Allowed Features

Enterprise RAO
  • A user registered by the enterprise RAO, can only view the certification profiles that are meant to be for enterprise RAOs only i.e. Admin RAO vetting is set as disabled for allowed profiles in service plan.
  • Security validations will be validated for an enterprise RAO while creating a request from Certification Center, Virtual ID, Desktop Signing, Device Enrolment or SigningHub Integration.
  • All the above rules and validations are also applicable in case of RESTful APIs.

Admin RAO
  • A user with an admin RAO role can view all the profiles regardless of any configurations.
  • Security validations will be validated for an admin RAO while creating a request from Certification Center, Virtual ID, Desktop Signing, Device Enrolment or SigningHub Integration.
  • All the above rules and validations are also applicable in case of RESTful APIs.

 Administrators
  • Administrators can view or manage all certificates requests and it’s related information