Vetting is the process to investigate (someone) thoroughly, especially in order to ensure that they are suitable for a job requiring secrecy, loyalty, or trustworthiness.


Similarly, the digital certificates are legal identities for humans and businesses and the Certificate Authorities (CAs) held responsible to issue the certificates to the valid legal identities. To make sure that the requesting entity (a person or a business) is legally authorized to have a certificate, the CAs and RAs introduce the vetting process. Vetting process checks for validation of the information provided by the requester automatically or manually. Following are some examples of the vetting checks performed by and RAO and these checks can vary based on the certificate types:


  1. Validity of the email address
  2. Proof of employment 
  3. Proof of organization
  4. Proof of domain ownership
  5. Operational existence
  6. Physical address
  7. Final verification call etc.


ADSS Web RA provides an option to define the dynamic vetting form for each certificate profile to provide additional information with a certificate request. You can design vetting forms within ADSS Web RA and can associate them with the Service Profiles, i.e. Certification Service Profile or CSP Service Profile. These forms are shown to the end user whenever they request a certificate against these certification profiles i.e., an SSL certificate with an SSL certificate profile or a signing certificate with a signing certificate profile.


How It Works?


  1. The vetting can be performed either by the ADSS Web RA Administrators (Admin RAO) or the Enterprises Administrators (Local/Enterprise RAO) based on the criticality of the certificates. The certificate issuance time for the these certificates can vary from hours to days based on the criticality and the complexity of the validation process. In a standard use case the following certificates are usually vet by the Admin RAO because they require more critical validation and responsibility: 
    1. TLS Server Authentication certificates
    2. Code Signing certificates
    3. eSeal/Legal Person/Organizational certificates
  2. The following certificates can be vetted by the Enterprise RAO and can be issued in minutes to hours depending upon the vetting process:
    1. Document Signing certificates
    2. Email Signing certificates
    3. TLS Client Authentication certificates etc.

An option exists in the ADSS Service Profiles to decide whether a certificate will be vetted by the Administrator RAO or the Enterprise RAO.


Add a Vetting Form


  1. Click Vetting Forms from the left menu. 
  2. Click  from the grid header. 
  3. A dialog will appear to add the name and description. The vetting form will only work if the check box Active is ticked. 
  4. The next screen consists of a Select Language drop down and all the fields an operator would like to add to the vetting form, as displayed in the screenshot below:


       


  • While creating a vetting form, the Select Language drop down will contain only allowed language that is configured in the default settings of the application. 


Configure a Vetting Form


A vetting form is separately associated with each service profile (i.e. Certification and CSP) to cater vetting services for the issuance of respective certificates. The process of configuring a vetting form in both the service profiles is exactly the same. You can configure a single vetting form with both the service profiles or may create different vetting forms for each service profile.


  1. Click External Services from the left menu.
  2. Click Certification Profiles.
  3. Click from the grid header.
  4. The Service Profile dialog will appear comprising of four screen, i.e. Basic Information, Profile Settings,  Details, Authentications and Advanced Settings.
  5. In the Advance Settings tab, select Subscriber Agreement, Vetting details i.e. Vetting Option and Vetting Form.
  6. Tick the check box Enable revocation vetting if required.
  7. Tick the check box Only Admin RAO can vet certificate requests for this profile if required. 
  8. Click the Publish Changes button from the top right corner for the changes to take into effect.


Edit a Vetting Form


  1. Click Vetting Forms from the left menu.
  2. Search the Vetting Form (to edit) and click  adjacent to it from the main grid and choose Edit option from menu.
  3. The Vetting Form screen will appear in editable mode. Add/ Update/ Remove/ Change Properties of the fields in the form as required.
  4. Click Close to save the form. 
  5. Click the Publish Changes button from the top right corner for the changes to take into effect.

As long as a Vetting Form is being used in the configuration of any Service Profile, it can not be edited.

Edit a Vetting Form Details


  1. Click Vetting Forms from the left menu.
  2. Search the Vetting Form (to edit) and click  adjacent to  to it from the main grid and choose Edit option from menu.
  3. The Vetting Form screen will appear in editable mode. Click  adjacent to vetting form name.
  4. The Edit Vetting Form dialog will appear, displaying the previously configured form details.
  5. From here you can rename the Vetting Form, edit its Description, Subscriber Agreements, or Status as required.
  6. Click Save and then click Close . 


Delete a Vetting Form


  1. Click Vetting Forms from the left menu.
  2. Search the Vetting Form (to delete) and click  adjacent to it from the main grid and choose Delete option from menu.
  3. A confirmation message will appear, click Yes.

As long as a Vetting Form is being used in the configuration of any Service Profile, it can not be deleted.