In this section, an operator can set policy for the following areas in the ADSS Web RA:


Certificate Renewal Settings

Certificate Revocation Settings

Certificate Expiry

Device CA Certificate Expiry

Permanent Certificate Deletion


Certificate Renewal Policy Settings


This setting enables you to renew your certificate, in case of renewing your certificate, the new expiry date will be updated. 


This section will have a drop down that will allow an operator to select a certificate policy for the entire system, no option will be selected by default. 


Basic Information

Field

Description

None

This field will set no policy for certificates in the system, a user cannot renew or rekey his certificates. 

Renew Certificate

This allows a user to set renew policy for certificates in the system.

Rekey Certificate 

This allows a user to set rekey policy for certificates in the system. 



Certificate Revocation Settings


ADSS WebRA allows an operator to configure the revocation policies for the virtual ID certificates.


If the operator enables the ‘Remove virtual ID keys upon certificate revocation’ option, the configuration will be applied globally, and all newly created enterprises will have this policy enabled. 


With this policy enabled, when a virtual ID certificate is revoked, the system will revoke the certificate and remove the virtual ID keys.



Meanwhile, is this policy is disabled, the system will not remove the virtual ID keys when a virtual ID certificate is revoked. 


Certificate Expiry Notifications 


When an operator enables the 'Certificate Expiry Notification' checkbox, the following fields will appear, as displayed in the screenshot below:


Basic Information

Field

Description

Before Expiry 

Specify number of days to receive notification before a certificate expires

Select Interval

Select the days for interval to send certificate expiry notifications

Select Time

Select the time to start certificate expiry notifications background job 

Send Certificate Expiry Notifications to Users

If an operator enables this checkbox, then system will send notifications to the relevant users 


 

Once a background job is completed after the configured time interval selected above, an email will be sent to the operator to view certificates that are about to expire (based on the selected configurations). 


A user will receive an email as shown below:



After clicking on the View Listing button, the administrator will be redirected to the certificate listing screen along with the filtered certificates.  



If an administrator enables the password authentication, then after clicking on the view listing button in the email, operator will be redirected to the login page.



After logging in successfully, the list of certificates will be visible to the operator.


Device CA Certificate Expiry 


When an operator enables the 'Device CA Certificate Expiry' checkbox, the following fields will appear, as displayed in the screenshot below:


Basic Information

Field

Description

Before Expiry 

Specify number of days to receive notification before a Device CA certificate expires

Select Interval

Select the days for interval to send Device CA certificate expiry notifications

Select Time

Select the time to start Device CA certificate expiry notifications background job 



Once a background job is completed after the configured time interval selected above, an email will be sent to the operator to view certificates that are about to expire (based on the selected configurations). 


A user will receive an email as shown below:



After clicking on the View Listing button, the administrator will be redirected to the certificate listing screen along with the filtered certificates.

           


Click "Clear" to remove the filter and the following screen will be displayed where you can filter out Device CA certificate based on their issuance date, or name of the operator to whom certificate was issued:



Permanent Certificate Deletion 


ADSS Web RA allows an operator to set the permanent certificate deletion policy. Delete certificate permanently policy enables you to delete the certificate, request and all activity logs against request and certificate permanently from the system. Deleted information is not retrievable, if this policy is enabled.


Enable Permanent Certificate Deletion 


  1. From the left menu pane, expand Configurations > Policies > Certificates.
  2. Select the 'Enable Delete Certificate Permanently' check box and click Save. 



If this policy is enabled, when an operator deletes a certificate request, the following permanent deletion dialog will appear:



This means that all the certificates, and activities against this request will be deleted permanently. Once deleted, the information will no longer be retrievable. 


Disable Permanent Certificate Deletion 


  1. From the left menu pane, expand Configurations > Policy.
  2. Uncheck the Enable Delete Certificate Permanently check box and click Save. 



If this policy is disabled, when an operator deletes a certificate request, the following deletion dialog will appear: