How it Works?


This module is used to display the list of all issued certificates. The Admin and Enterprise administrators can optionally view, download and revoke the certificates for any user considering the following rules:


  • An Admin RAO can see list of all issued certificates regardless of the enterprise affiliation
  • An Enterprise RAO can only see the list of certificates issued under his enterprise
  • Clicking the Request ID URL will show the complete detail of the request e.g.:
    • List of validation checks performed on the CSR before submitting the request to the CA
    • Download the CSR to manually evaluate it using a third party software
    • List of attributes of the CSR
    • Any other information that is required for the audit


The Advanced Search () is available inside the Search bar that allows an Admin to search the certificates using different parameters (even ranges). This feature is very useful to search a certificate from a large number of certificates.



More Options


An operator can renew or rekey certificate that he has generated. 


Available features are explained in the following table:



Feature

Description

View

To view a certificate, click the  button adjacent to the certificate and click the View option

Revoke

To revoke a certificate, click the  button adjacent to the certificate and click the Revoke option. A dialog appears for the revocation reason, choose the revocation reason and additionally provide the short summery. Clicking Revoke on the dialog will revoke the certificate.

Note that once a certificate is revoked, it cannot be reinstated.

Download

To download a certificate on the file system, click the  button adjacent to the certificate and click the Download option


Access Control Information


There are some certain rules that will be followed while managing or viewing certificates list and it's related information. These rules are based on the user's type which includes Enterprise RAOs, Admin RAOs or Administrators.



Roles

Allowed Features

Enterprise RAO
  • Enterprise RAOs only view the list of certificates that can be managed by the that intended enterprise RAO.
  • Security validations will be validated for an enterprise RAO while performing actions on certificates. These actions include issuance, revocation or downloading of certificate.
  • Advanced search option available for an enterprise RAO to search for a certificate as per the available list.

Admin RAO
  •  Admin RAOs can view the list of all the certificates.
  • An admin RAO can only view request no or issue to related details if it’s allowed to that admin RAO.
  • Security validations will be validated for an admin RAO while performing actions on certificates. These actions include issuance, revocation or downloading of certificate.
  • Advanced search option available for an admin RAO to search for a certificate.

Administrators
  • Administrators can view or manage all certificates and it’s related information



Rekey Certificates


An Administrator can rekey their certificates from certificate listing.



             



  • Administrators can create CSR or smart card certificates. 
  • An operator needs to open the request form by clicking on the rekey certificate. 



               



  • Administrators can create CSR or Smart card certificates.
  • Click on rekey certificate to open the request form. 



               


  1. By clicking on 'Upload CSR' a new CSR will be uploaded and all other options in the request form will be based on the CSR uploaded by the user. 



  1. In case of CSR ($PKCS10 or $Request) request form will be disabled and the user will not be able to edit the request form after uploading the CSR. 



  1. Click on the 'Close' button, so action will be performed and the user will be redirected to the list of certificates. 



  1. Now click on the 'Rekey' button if the OTP is enabled in the profile, then a dialog will appear with OTP details to rekey the certificate. 




                 



By clicking on the 'Rekey' button a new request and request category will be created with the 'Approved' status and the certificate will be rekeyed. The existing certificate status will be changed to 'Revoked' for server-side certificates and for local certificate (CSR/Token) certificate will be in the 'Issued' status.


 Certificate History 


ADSS Web RA allows its users to view Certificate History for rekeyed and reissued certificates. 


Admin > Certificates > Press to find the History option against rekeyed and reissued certificates as displayed in the screenshot below:



                 



It will display all the actions performed against the certificates and it details. 

A user cannot delete any parent certificate. When a child certificate is deleted, its parent certificate will be deleted automatically.