WebRA User Guide

Field

Description

Name

Specify a unique name for this profile. 

Description

Specify any description related to this certification profile. (Optional)

Active

Select this checkbox to make the profile active.

Field

Description

ADSS Service

This field will display the ADSS Services (i.e. Certification Service and CSP Service) that are available for ADSS Web RA. Select Certification Service. 

ADSS Certification Server

This field will display the list of active ADSS connectors in ADSS Web RA. Select the one to use for this certification service profile, for example: ADSS.

ADSS Certification Service Profile

In this field, enter the certification profile that you created on the ADSS Sever, for example: adss:certification:profile:001.

Issuer Name

This field will display issuer CA name. This information is fetched from ADSS Server and is displayed in read-only format.

Certificate Purpose 

This field will appear in a disabled form. It contains a list of standard certificate purposes which actually comes from ADSS, based on selected certification profile. A certificate will be generated based on provided certification profile ID, and it will be in a disabled form as it is configured under that ADSS Certification Service Profile. Possible certificate purposes could be Document Signing, TLS Server Authentication, Code Signing etc.

ADSS Web RA supports the following types of TLS certificates:

• EVS TLS Server authentication
• TLS Client authentication
• TLS Server authentication

In case of external CA this field will be enabled and operator can select certificate purpose.

Certificate Enrolment 

From this dropdown you can select the following options: 

• None - For a simple certification profile.
• Enrolment Protocols – It allows you to select a certificate enrolment protocol. If you select this, another drop-down for enrolment protocols appears.
• Windows Enrolment - Once you select this from the drop down, another drop down with Active Directory Profile appears. 

Enable one-time PFX download

If enabled, users can download the PFX file only once. After that, the PFX download option will not be available. Additionally, when this option is enabled, the operator will not be able to download the PFX from the admin portal.

Enable Client Keys

Enabling the client keys option will require public key to generate the certificate. The Subject Distinguished Names (SDNs) in the certificate request will be populated based on what is configured in the ADSS certification profile and the data provided in the CSR (Certificate Signing Request). 

Note: If this option is enabled, the enrolment protocol section will not be visible, and the certification profile cannot be used for any protocol-based enrolments.

Certificate Enrolment 

This dropdown displays the following options: 

• None – Select this option if you want to create a simple certification profile.
• Enrolment Protocol(s) - It enables you to create a device enrolment profile. If you select this option, an additional dropdown field appears, allowing you to select the required enrolment protocol.
• Windows Enrolment – If this option is selected, another dropdown appears that allows you to select the Active Directory Profile. 

Enrolment Protocol(s)

This dropdown displays the following enrolment protocols:

• SCEP
• Microsoft Intune SCEP
• CMP
• ACME
• EST

Select the ‘Microsoft Intune SCEP’ option from the dropdown to create the certification profile for this protocol. The system will then display the following additional fields on the screen:

• Microsoft Intune SCEP Connector
• Microsoft Intune SCEP Device Certificate

Microsoft Intune SCEP Connector

From this dropdown, select the ‘Azure Active Directory’ connector that contains the device-related information.