This section in ADSS Web RA lists down all types of certificate requests, whether they are pending approval, in review or approved. 


Submit a Certificate Request 


  1. Click "Requests" from the left menu.

The tab will expand into sub-menus.

  1. Make sure the Certificate Requests tab is opened.
  2. Click  from the grid header.
  3. A dialog will appear to specify the request details. The fields and their description are explained in the table below the screenshot. 
  4. Specify the details and click Generate.
  5. The status of the certificate request will be shown as "Approved" in the requests listing, while the certificate status will be shown as Issued in the certificates listing. 
  6. The certificate can be downloaded by clicking on the "Download" button once you open the certificate.

1) CSR Validation policies only validate when Enable CSR Validation is set under Configurations > Policy.

2) When one of the CSR validation policies is configured in ADSS Web RA Admin, it validates these policies while approving a certificate request. If one of the CSR validation policies does not meet the criteria at the time of certificate request approval, enterprise RAO can decline the request by adding a declining reason.

3) If one of the validation policies does not meet, it appears on decline reason dialog as a declining reason. Furthermore, RAO cannot proceed further to navigate to the next screen.

4) If no validation policies fail, an RAO can still decline a certificate request but no validation policy will appear as a declining reason on decline dialog. A custom reason can be added though.

5) CSR-based validation only applies on those certificate requests where either a CSR is imported by the user, or a certificate request is created using a PKCS#10, USB/Smart Card Tokens, request for Go> Sign using MSCAPI. 

6) An optional message can be added while approving a certificate request, which later also shows under email notification body against certificate approval email. For auto approval, this option does not appear whereas in case of dual control a message is sent to the user once the second reviewer approves a certificate request.



 Field

Description

 Enterprise Name

This drop down shows the list of enterprises to link a particular certificate request to selected enterprise.

For Super Admin, all the enterprises will be listed. For an enterprise RAO, only those enterprises will be shown to which that enterprise RAO belongs to. For an Admin RAO, only those enterprises will be listed for which that Admin RAO can perform vetting against certificate requests, as allowed under External Services > Certification Profiles.

Verification Type

If Certificate Purpose is TLS Server Authentication and in Certification Profile the Verification Type is configured then the list will show up with following options, depending upon External Services > Certification Profile configurations.

  • Domain Validated (DV)
  • Organization Validated (OV)
  • Extended Validation (EV)
  • None

Key Store

This is a disabled field that displays the key store used to create a certificate.

Validity Period

It is the duration for which an operator would like a certificate to be valid.



 



Approve / Decline a Certificate Request (With Dual Control)


  1. Click "Requests" from the left menu.

The tab will expand into sub-menus.

  1. Click "Certificate Requests" and then from the grid of a particular certificate to view it. 



Scroll to the Vetting Form and you can choose between "Approve" and "Decline". 



Click "Approve", the following screen will appear where you need to tick the check-box 'I have reviewed and verified the following details', then add a Message and click "Ok" to see a roaster message Certificate Request Approved. 



Click Dual Control > Requests > View Request (of the approved certificate). Its status will appear as Reviewed. 



The request will appear on the screen, where you will scroll through four steps (SDNs, Certificate Validity, Vetting Form and Message). Click on "Approve" and you will see a similar screen for approval. Once you click "Ok", a roaster message will be displayed Certificate Generated. 



The certificate will be listed under the Issued Certificate listing.