Requests
If the vetting is enabled in an ADSS Service Profile, any certificate request submitted by the end-user against that profile will be submitted to the Admin/ Enterprise RAO. The RAO will vet the request and then either approve for certificate issuance or can reject if it finds any issue in the request. These requests are categorised in three ways, i.e.:
- Certificate Creation - A request that is sent to Admin/ Enterprise RAO to issue a new certificate for a user.
- Certificate Rekey - A request that is sent to Admin/Enterprise RAO to rekey an existing certificate of a user.
- Certificate Revocation - A request that is sent to Admin/ Enterprise RAO to revoke an existing certificate of a user.
- Certificate Renewal - A request that is sent to Admin/ Enterprise RAO to renew an existing certificate of a user.
If the vetting is not enabled for any profile then no certificate request will be submitted to the admin operators for vetting.
How it Works?
The following are the business rules for the vetting and approvals:
- An Admin RAO:
- Receives the certificate requests and may approve, update, revoke, renew or decline them accordingly
- Can initiate a create certificate request from the Admin Portal and can issue the certificates in a crypto device
- Can see the certificate requests of all accounts and may perform appropriate actions (e.g. approve, update, or decline) against them
- Can initiate a new certificate request using CSR, or generating a new key in smart card/token and can issue certificates against them
- Can decline a request if he finds the request is not correct.
- An Enterprise RAO:
- Receives the certificate requests and may approve, update, revoke, renew or decline them accordingly
- Can initiate a create certificate request from the Admin Portal and can issue the certificates in a crypto device
- Can see the certificate requests that are related to their associated enterprises and may take the appropriate actions (approve, update, or decline)
- Can initiate a new certificate request using CSR, or generating a new key in smart card/token and can issue certificates related to those service plans that are subscribed by their associated enterprises and issue certificates against them
- Can also delete a certificate request that is related to their associated enterprises.
- Can decline a request if he finds the request is not correct. The administrator provides the reason for declining.
|
1) On creation of a new certificate request, it will be linked to an enterprise and RAO must have to select an Enterprise Name while creating a new request. |