SigningHub is one of the major in-house products of Ascertia used for document signing. ADSS Web RA facilitates to generate certificates and these certificates can be used later for document signing purposes within SigningHub, once these certificates are auto provisioned to SigningHub application.

How it Works?


  1. You can integrate SigningHub application with ADSS Web RA, by configuring a connector and setup that connector under your service plan and that service plan can be assigned to an enterprise account at registration time. Select a default certificate profile for SigningHub, if you want to generate a default certificate at registration time and push this to SigningHub application. These certificates will be auto provisioned in SigningHub which later can be used for document signing purposes.
  2. By default, the Create button will appear allowing you to create a new integration account for the first time. This can be done from Dashboard or by navigating to SigningHub Integration App option from left panel (i.e. application name that was used while creating app under SigningHub). You need to create a Virtual ID as a prerequisite if it's not yet been created. Once your Virtual ID account successfully created, you can create an integrated application for SigningHub. A certificate request with a Pending status will appear under Certificate Requests list, and once it is reviewed by Admin RAO then it will be shown as Reviewed status. You can view your request details. Same certificate request will also be shown under Issued Certificate list.
  3. If you have already created an integrated application for SigningHub under ADSS Web RA, then you can create a certificate request using icon on top right. Provide all required information and your certificate request will appear with a Pending status under Certificate Requests list, and once it is reviewed by Admin RAO then it will be shown as Reviewed status.
  4. A certificate request once created, will appear in Draft state (if it's not completed), click on  icon and select Edit to complete a certificate request. Provide all required information and generate certificate request using same steps as mentioned above. 

One Time password (OTP) can be set as an authentication at the time of request submission for certificate issuance and revocation, based on certificate criticality. See details in External Services > Connectors> SMS Gateway.


Configure SigningHub Integration


  1. First create an integrated application under SigningHub application.
  2. A SigningHub connector must be configured under External Services > Connectors, by selecting SigningHub as a provider. Provide API URL and SigningHub App name (configured in SigningHub Application).
  3. Configure a new service plan or use an already configured service plan, to setup SigningHub Connector under Profile Settings. New users and their certificates will be auto provisioned to SigningHub instance that is configured under selected connector.
  4. Select a default certificate profile for SigningHub under Service Plan > Profile Settings, if you want to generate a default certificate at registration time and push this to SigningHub application.


Create Certificate Requests


 If you have already created an integration app account, then follow the steps to create a certificate request.

  1. You can create a certificate request, using  icon on top right.
  2. Select Certificate Type and click CREATE to generate a certificate request.
  3. Provide all the required information, as required by RA (Registration Authority) to complete vetting process.
  4. Select validity period (if allowed by Admin RAO) for the certificate validity. Click on GENERATE to complete a certificate request.
  5. Email notification will be sent to RA (Registration Authority) for request approval.

1) Once an integration App account created, a certificate will also be generated with an Approved status if no approval required by RA (Registration Authority).

2) Submitted request will be available in [SigningHub_Integration_App]> Certificate Requests with Pending status, or will be in Approved status if no vetting required by Enterprise RAO.

2) Subscriber Agreement is optional. A dialogue will appear to accept agreement if required by RA (Registration Authority). Request will be submitted to RA(Registration Authority) for approval to generate certificate.

3) Once a certificate request approved by the RAO, the certificate request can be provisioned to SigningHub using PROVISION TO SIGNINGHUB option at the bottom.

4) In case of Dual Control, a request will be shown with Reviewed status once the first reviewer approves the request, and it will be shown as Approved after the second reviewer finally approved the certificate request.


All the certificate requests related to the user will be listed here. See the following table for the column headers description:



Field

Description

Request No

This column displays the unique auto generated request number against each certificate request. Click on it to view the details of the certificate request.

Request Type

This column displays the name of your integration app (that is configured under SigningHub) against each certificate.

Certificate Purpose

This column displays the purpose/ type of each requested certificate, i.e. Document Signing etc.

Status

This column displays the current status of each certificate request, i.e. Approved, Declined, or Pending. It also shows the date on which the request status was put up.

Approved: A certificate request that has been sanctioned by RA (Registration Authority). The approved requests imply that the certificates have been issued/ revoked/ renewed against them. 

Declined: A certificate request that has been turned down by RA (Registration Authority). The declined requests imply that the certificates issuance has been refused against them.

Pending: A certificate request that has not been processed by RA (Registration Authority) as yet. The pending requests imply that the RA (Registration Authority) need to review the vetting details and take appropriate actions (i.e. Approve or Decline) against them.

Draft: A certificate request that has been created but not processed by user yet. The draft requests imply that the user needs to fill the vetting details and take appropriate actions (i.e. Create, Submit) against them.




1) Certificate will be generated on approval of request. An email and on screen notification will be received to user on approval.

2) An optional message can be added while approving a certificate request, which later also shows under email notification body against certificate approval email. For auto approval this option doesn't show, whereas in case of dual control the message only receives to user once the second reviewer approves a certificate request.


View Issued Certificates 


Once a certificate is approved, it will be shown under [SigningHub_Integration_App] > Issued Certificates list with Issued status. See following table for the each column header details.


Field

Description

Request No

This column displays the unique auto generated request number against each certificate request. Click on it to view the details of the certificate request.

Common Name

This column displays the common name of each certificate.

Certificate Purpose

This column displays the purpose of each requested certificate, i.e. Document Signing etc.

Capacity Name

This column displays the name of certification profile that is used to generate that intended certificate.

Status

This column displays the current status of each certificate, i.e. Issued, Revoked, or Expired.

Issued: A certificate that has been issued or renewed by RA (Registration Authority). These are the usable certificates.

Revoked: A certificate that has been revoked/ cancelled by RA (Registration Authority). The revoked certificates cannot be used by the users.

Expired: A certificate that has been expired as per its configured time period. The expired certificates cannot be used by the users till they are renewed.

Pending Revocation: A certificate request for revocation has been sent to RA (Registration Authority).

Expiry Date

This column displays the date of each certificate on which they will expire.



Certificate Revocation Requests

  1. Click [SigningHub_Integration_App] > Revocation Requests from the left menu.
  2. Search the certificate for which revocation is required and click  adjacent to it from the main grid and select Revoke.
  3. A confirmation message will appear. Click YES.
  4. Provide the information required by RA (Registration Authority) for revocation process.
  5. Click Revoke.
  6. Request will be submitted to RA (Registration Authority)  for revoke certificate.
  7. Email Notification will be sent to RA (Registration Authority) for revocation approval request.
  8. Certificate will be revoked on approval of request. You will receive an email and on screen notification.
  9. Request status will be changed to Approved and certificate with status Revoked will be available in [SigningHub_Integration_App] > Issued Certificates list.

Certificate status under Issued Certificates list will remain as Pending Revocation until request approved by enterprise RAO.

Settings

  1. Click [SigningHub_Integration_App]  > Settings from the left menu. You will be shown SigningHub Integration App account settings.
  2. Click on Remove [SigningHub_Integration_App]  ID Account link.
  3. A confirmation message will appear. Click Yes to remove your configured SigningHub Integration account.
  4. Count for all Provisioned Certificates will appear, and on click Provisioned Certificates Count it redirects you to Issued Certificates list.

1) Once you deleted your [SigningHub_Integration_App]  account, all its associated requests and certificates will be removed permanently.

2) Once a certificate is deleted from ADSS Web RA, it will be removed from SigningHub instance as well.


Access Control Information


There are certain rules that will be followed while managing or viewing certificates requests list and it's related information. These rules are based on the user's type which includes Enterprise RAOs, Admin RAOs or Administrators.


Roles

Allowed Features

Enterprise RAO
  • A user registered by the enterprise RAO, can only view the certification profiles that are meant to be for enterprise RAOs only i.e. Admin RAO vetting is set as disabled for allowed profiles in service plan.
  • Security validations will be validated for an enterprise RAO while creating a request from Certification Center, Virtual ID, Desktop Signing, Device Enrolment or SigningHub Integration.
  • All the above rules and validations are also applicable in case of RESTful APIs.

Admin RAO
  • A user with an admin RAO role can view all the profiles regardless of any configurations.
  • Security validations will be validated for an admin RAO while creating a request from Certification Center, Virtual ID, Desktop Signing, Device Enrolment or SigningHub Integration.
  • All the above rules and validations are also applicable in case of RESTful APIs.

 Administrators
  • Administrators can view or manage all certificates requests and it’s related information