Virtual ID facilitates to register user ID and provides the capability to manage its certificates keys. This certificate can be used for Advanced Electronic Signature, allow you to authorise a remote signing request using your registered mobile device(s). Certificate request can be for Issuance/approval, renewal and revocation.


How it Works?


  1. By default, the Create button will appear allowing you to create a Virtual ID for the first time. This can be done from Dashboard or by navigating to Virtual ID from left panel. You need to provide user ID, a valid mobile number, your full legal name and other organization related information for the certificate generation. Select the validity period (if allowed by your Enterprise RAO) for your certificate. Once your Virtual ID successfully generated, a dialog will show up with account creation message. Another dialog will appear to save the certificate, generated against your Virtual ID. A certificate request with an Approved status will be shown under Certificate Requests list. You can view your request details, view or download your associated certificate as well. Same certificate will also be shown under Issued Certificate list.
  2. If you have already created a Virtual ID, then you can create a certificate request using  icon on top right. Provide all required information and your certificate request will appear with Approved status under Certificate Requests list. Click on GENERATE to create certificate, a dialog will appear with CERTIFICATE GENERATED title. You can either generate new certificate request or can move to certificate requests list to view/download certificate from this dialog. You may also navigate to issued certificates list from same dialog by selecting certificates.
  3. A certificate request once created, will appear in Draft state (if it's not completed), click on  icon and select Edit option to complete a certificate request. Provide all required information and generate certificate using same steps as mentioned above. 

One Time password (OTP) can be set as an authentication at the time of request submission for certificate issuance, renewal and revocation, based on certificate criticality. See details in External Services > Connectors> SMS Gateway.


Create a new Virtual ID


  1. Click either on Dashboard or navigate to Virtual ID.  Click on Create to setup a new Virtual ID for the very first time.


           


  1. Provide all the mandatory information, as required by RA (Registration Authority) to complete vetting process.
  2. Provide all required information that will be shown on view certificate from issued certificates list.
  3. Select validity period (if allowed by Admin RAO) for the Virtual ID certificate.


         


  1. Click on Create to create Virtual ID.
  2. A success message will be shown on successful creation, along with an option to save Virtual ID certificate. You can either create another new request or can navigate to certificate requests or issue certificates list.

    

         

      


1) Subscriber Agreement is optional. A dialogue will appear to accept agreement if required by RA (Registration Authority). Request will be submitted to RA (Registration Authority) for approval to generate certificate.
2) Once a Virtual ID created, a certificate will also be generated with an approved status if no approval required by RA (Registration Authority)


Create Certificate Requests


 If you have already created a Virtual ID, then follow the steps to create a certificate request.

  1. You can create a certificate request, using  icon on top right.
  2. Provide all the required information, as required by RA (Registration Authority) to complete vetting process.
  3. Select validity period (if allowed by Admin RAO) for the Virtual ID certificate.
  4. Email notification will be sent to RA (Registration Authority) for request approval.

Submitted request will be available in Virtual ID> Certificate Requests with Pending status, or will be in Approved status if no vetting required by Enterprise RAO.


All the certificate requests related to the user will be listed here. See the following table for the column headers description:


Field

Description

Request No

This column displays the unique auto generated request number against each certificate request. Click on it to view the details of the certificate request.

Request Type

This column displays the type of each certificate request, i.e. Server Based, CSR Based, or Smartcard/ Token based. etc

Certificate With Server Held Keys Remote Authorization: A certificate request that is sent/ created to issue the signing keys for a user that can be kept inside HSM. Certificate authorise a remote signature (done on server) using your registered mobile device(s).

Certificate Type

This column displays the purpose/ type of each requested certificate, i.e. Document Signing, TLS Server Certificate, etc.

 Status

This column displays the current status of each certificate request, i.e. Approved, Declined, or Pending. It also shows the date on which the request status was put up.

Approved: A certificate request that has been sanctioned by RA (Registration Authority). The approved requests imply that the certificates have been issued/ revoked/ renewed against them. 

Declined: A certificate request that has been turned down by RA (Registration Authority). The declined requests imply that the certificates issuance has been refused against them.

Pending: A certificate request that has not been processed by RA (Registration Authority) as yet. The pending requests imply that the RA (Registration Authority) need to review the vetting details and take appropriate actions (i.e. Approve or Decline) against them.

Draft: A certificate request that has been created but not processed by user yet. The draft requests imply that the user needs to fill the vetting details and take appropriate actions (i.e. Create, Submit) against them.



1) Certificate will be generated on approval of request. An email and on screen notification will be received to user on approval.

2) An optional message can be added while approving a certificate request, which later also shows under email notification body against certificate approval email. For auto approval this option doesn't show, whereas in case of dual control the message only receives to user once the second reviewer approves a certificate request.

View Issued Certificates 


Once a certificate is approved, it will be shown under Virtual ID > Issued Certificates list with Issued status. See following table for the each column header details.



Field

Description

Request No

This column displays the unique auto generated request number against each certificate request. Click on it to view the details of the certificate request.

Full Name

This column displays the full legal name of the person to whom the certificate is associated including serial number of certificate.

Certificate Type

This column displays the purpose/ type of each requested certificate, i.e. Document Signing, TLS Server Certificate, etc.

Status

This column displays the current status of each certificate, i.e. Issued, Revoked, or Expired.

Issued: A certificate that has been issued or renewed by RA (Registration Authority). These are the usable certificates.

Revoked: A certificate that has been revoked/ cancelled by RA (Registration Authority). The revoked certificates cannot be used by the users.

Expired: A certificate that has been expired as per its configured time period. The expired certificates cannot be used by the users till they are renewed.

Pending Renewal: A certificate request for renewal has been sent to RA (Registration Authority).

Pending Revocation: A certificate request for revocation has been sent to RA (Registration Authority).

Expiry Date

This column displays the date of each certificate on which they will expire.



Certificate Renewal Requests


  1. Click Virtual ID > Issued Certificates from the left menu.
  2. Search the certificate for which renewal is required and click  adjacent to it from the main grid and select Renew.
  3. A confirmation message will appear. Click Yes.
  4. Provide the information required by RA (Registration Authority) for renewal process.
  5. Click Renew button.
  6. Request will be submitted to RA (Registration Authority) to renew certificate.
  7. Email Notification will be sent to RA (Registration Authority) for renewal request approval.
  8. You can view submitted request under Virtual ID> Renewal Requests list with Pending status.
  9. Certificate will be renewed on approval of request. You will receive an email and on screen notification.
  10. Request status will be changed to Approved and certificate with status Issued will be available in Virtual ID > Issued Certificates list.

Certificate status under Issued Certificates list will remain as Pending Renewal until request approved by enterprise RAO.


Certificate Revocation Requests


  1. Click Virtual ID > Issued Certificates from the left menu.
  2. Search the certificate for which revocation is required and click  adjacent to it from the main grid and select Revoke.
  3. A confirmation message will appear. Click Yes.
  4. Provide the information required by RA (Registration Authority) for the revocation process.
  5. Click the Revoke button. Then a confirmation message will pop-up, asking the operator to ensure that he wants to revoke the certificate. It also displays a message when a certificate is revoked, it is also de-provisioned from AGCE and Desktop Signing. (As displayed in the screenshot below)


         

  1. Request will be submitted to RA (Registration Authority) to revoke certificate.
  2. Email Notification will be sent to RA (Registration Authority) for revocation approval request.
  3. Certificate will be revoked on approval of request. You will receive an email and on screen notification.
  4. Request status will be changed to Approved and certificate with status Revoked will be available in Virtual ID > Issued Certificates list.

Certificate status under Issued Certificates list will remain as Pending Revocation until request approved by enterprise RAO.


Remove Virtual ID


  1. Click Virtual ID > Settings from the left menu.
  2. Click on Remove Virtual ID Account link.
  3. A confirmation message will appear. Click Yes to remove your configured Virtual ID account.

Once you delete your Virtual ID, all its associated requests and certificates will be removed permanently.


Change Virtual ID Mobile Number with OTP Verification 


A user can change his virtual ID mobile number with OTP verification. 


           


Once you enter the new mobile number and click Save, the following OTP screen will appear:



           


An OTP will be sent to the new mobile number, enter it in the OTP via SMS box.


An OTP will also be sent to user's email address, enter it in the OTP via EMAIL box and click Verify to proceed. 


Note: 


  • A user will also have to change the configurations in the ADSS Server to change the Virtual ID mobile number.
  • For Virtual ID, the configurations for SAM_OTP length is 6.





Access Control Information


There are  certain rules that will be followed while managing or viewing certificates requests list and it's related information. These rules are based on the user's type which includes Enterprise RAOs, Admin RAOs or Administrators.


Roles

Allowed Features

Enterprise RAO
  • A user registered by the enterprise RAO, can only view the certification profiles that are meant to be for enterprise RAOs only i.e. Admin RAO vetting is set as disabled for allowed profiles in service plan.
  • Security validations will be validated for an enterprise RAO while creating a request from Certification Center, Virtual ID, Desktop Signing, Device Enrolment or SigningHub Integration.
  • All the above rules and validations are also applicable in case of RESTful APIs.

Admin RAO
  • A user with an admin RAO role can view all the profiles regardless of any configurations.
  • Security validations will be validated for an admin RAO while creating a request from Certification Center, Virtual ID, Desktop Signing, Device Enrolment or SigningHub Integration.
  • All the above rules and validations are also applicable in case of RESTful APIs.

 Administrators
  • Administrators can view or manage all certificates requests and it’s related information



Field

Description

Name

A friendly identifier for the new role

Description

A brief text to explain the characteristics of the role

Allowed Modules

Select the required modules and sub modules to include in this role and set their permissions (i.e. Read, Add/Edit, and Delete) accordingly. The administrators with this role would be able to access the allowed (selected) modules only along with the respective fine grained authorization.