Certificate Requests

Submit a Certificate Request

Click Requests from the left menu.

All the certificate requests (sent from ADSS Web RA and/ or added from Admin RA) related to the admin operator role will be listed here.

Make sure the Certificate Requests tab is opened.
Click from the grid header.
A dialog will appear to specify the request details. The fields and their description are explained in the table below the screenshot.
Specify the details and click Generate.
The status of the certificate request will be shown as Approved in the requests listing, while the certificate status will be shown as Issued in the certificates listing.
The certificate can be downloaded by clicking on the Download button once you open the certificate.

1) CSR Validation policies only validate when Enable CSR Validation is set under Configurations > Policy.

2) When one of the CSR validation policies is configured in ADSS Web RA Admin, it validates these policies while approving a certificate request. If one of the CSR validation policies does not meet the criteria at the time of certificate request approval, enterprise RAO can decline the request by adding a declining reason.

3) If one of the validation policies does not meet, it appears on decline reason dialog as a declining reason. Furthermore, RAO can not proceed further to navigate to the next screen.

4) If no validation policies failed, RAO can still decline a certificate request but there is no validation policy appears as a declining reason on decline dialog. A custom reason can be added though.

5) CSR based validation only applies on those certificate requests where either a CSR is imported by the user, or a certificate request created using a PKCS#10, USB/Smart Card Tokens, request for Go> Sign using MSCAPI

6) An optional message can be added while approving a certificate request, which later also shows under email notification body against certificate approval email. For auto approval, this option does not appear whereas in case of dual control a message is sent to the user once the second reviewer approves a certificate request.

Feature	Description
Enterprise Name	This drop down shows the list of enterprises to link a particular certificate request to selected enterprise. For Super Admin, all the enterprises will be listed. For an enterprise RAO, only those enterprises will be shown to which that enterprise RAO belongs to. For an Admin RAO, only those enterprises will be listed for which that Admin RAO can perform vetting against certificate requests, as allowed under External Services > Certification Profiles.
Verification Type	If Certificate Purpose is of TLS Server Authentication and in ADSS Service Profile the Verification Type is configured then the list will show up with following options, depending upon External Services > Certification Profile configurations. Domain Validated (DV) Organization Validated (OV) Extended Validation (EV) None
Key Store	This is an uneditable field that displays the key store used to create a certificate
Validity Period	It is the duration for which an operator would like a certificate to be valid

Approve / Decline a Certificate Request (With Dual Control)

Click Requests from the left menu.

All the certificate requests (sent from ADSS Web RA and/ or added from Admin RA) related to the admin operator role will be listed here.

Click Certificate Requests and then from the grid of a particular certificate to view it.

Scroll to the Vetting Form and you can choose between Approve and Decline.

Click Approve, the following screen will appear where you need to tick the check-box 'I have reviewed and verified the following details', then add a Message and click Ok to see a roaster message Certificate Request Approved.

Click Dual Control > Requests > View Request (of the approved certificate). Its status will appear as Reviewed.

The request will appear on the screen, where you will scroll through four steps (SDNs, Certificate Validity, Vetting Form and Message). Click on Approve and you will see a similar screen for approval. Once you click Ok, a roaster message will be displayed Certificate Generated.

The certificate will be listed under the Issued Certificate listing.