This section explains how to create TLS / Server based certificate requests in the Web RA application.



Following are a few things to remember with respect to SDNs, SANs and RDNs:


  • When a user creates a new certificate request, the SDNs and SANs will be rendered as configured in the certification profile and their values will be auto-filled from the certificate details. 


  • A user will not be able to change the values of the RDNs if an operator has configured them in the certificate details.


  • An operator will see the rendered values in a disabled form. 


  • If there is an RDN that is added in certification profile but has not been configured in the user's certificate details, it will be shown as editable in the request form and the user can update its value.


  • If no RDN is configured in the user certificate details then the request will be generated.


  • In case of an error, the user will not be allowed to move to the next step. 


Second Factor Authentication 


If second-factor authentication is enabled for certificate requests, the configured authentication mechanism operates accordingly. When the user clicks Generate, an authentication window appears. After the selected method is successfully verified, the certificate is generated.


The authentication mechanism can be one of the following:


  • SMS OTP Authentication 
  • Email OTP Authentication 
  • Email & SMS Authentication
  • SAML Authentication 
  • Active Directory Authentication 
  • Azure Active Directory Authentication
  • OIDC Authentication 


Request Notes


If an operator has added a customised Request Note to certificate requests for a specific enterprise, it will appear in all types of certificate requests: issued, rekey, revoked, renewed and reissued. The Request Notes appear only on the screens for which the operator has customised them. 


An operator can configure Request Notes from the Enterprise Request Notes section in the Admin portal.


The following steps describe how to create a certificate request for the “TLS Server Auth / SDNs / DV SSL” certificate type.


In the web portal, expand the ‘Certificate Center’ tab from the left menu pane and click on the ‘Certificate Requests’ option.



Click on the ‘+’ plus button in the listing header to create a new certificate request. The system will display the ‘Create Request’ screen. 



On this screen, select the ‘Certificate Type’ and click ‘Create’. 



The system will display the ‘Welcome Note’ screen.



Enable the checkbox with the text ‘I allow the use of my data for processing certificate application by (Enterprise Name)’ and click the ‘>’ next button to continue. 


Note: The Welcome Note screen will only appear if the operator has enabled customised Request Notes in the ‘Notification’ section of the Enterprise the user belongs to.


After you click the next button, the system will navigate you to the ‘Subject Distinguished Name (SDN)’ screen.



After entering the required information, click the next ‘>’ button to navigate to the ‘Subject Alternative Name (SAN)’ screen. 


The domain names field will appear in a disabled form (as set in the enterprise section of the admin portal).


ADSS Web RA supports the configuration of domain names at an enterprise level. From the admin portal, an administrator can set the domain names and subdomain names associated with an enterprise. These DNS names are then used in the certificate request form, so that users generate certificates exclusively for the domains pre-configured within their enterprise. 



Click the next ‘>’ button to navigate to the ‘Certificate Validity’ screen. The validity period will appear in a disabled form.



Click next to navigate to the ‘Domain Ownership Verification’ screen.



Here, the ‘Domain Verification Status’ will appear as ‘Unverified’. To verify the domain, you will be required to either upload a file or use a TXT record. 


Once you are done with domain verification, click ‘Generate’ to create the certificate.


The following steps describe how to create a certificate request for ‘TLS authentication with DV as none (CAA Records)’ certificate type.


In the web portal, expand the ‘Certificate Center’ tab from the left menu pane and click on the ‘Certificate Requests’ option.



Click on the ‘+’ plus button in the listing header to create a new certificate request. The system will display the ‘Create Request’ screen. 



On this screen, select the ‘Certificate Type’ from the given dropdown field and click ‘Create’. 



The system will display the ‘Welcome Note’ screen.



Enable the checkbox with the text ‘I allow the use of my data for processing certificate application by (Enterprise Name)’ and click the ‘>’ next button to continue. 


Note: The Welcome Note screen will only appear if the operator has enabled customised Request Notes in the ‘Notification’ section of the Enterprise the user belongs to.


After you click the next button, the system will navigate you to the ‘Subject Distinguished Name (SDN)’ screen. Enter the details in the respective fields and click the next ‘>’ button.



The Subject Alternative Name (SAN) screen appears. Select the domain names (DNS) from the drop-down list and enter the IP address and email address in their respective fields. In the Other Name section, enter the OID and Value, then click ‘Add Other Name’.



Once done, click the next ‘>’ button to proceed.


The ‘Certificate Validity’ screen will appear. The validity period will appear in a disabled form.



Click the next ‘>’ button to navigate to the ‘Domain Ownership Verification’ screen.



The ‘Domain Verification Status’ will appear as ‘Unverified’. Click the ‘Verify’ button.


If the CAA records you configured in the Enterprise Domain configurations match the CA record you entered in the DNS entry, the Domain Verification Status will appear as Verified, as displayed below:



If the CAA records you configured in the Enterprise Domain configurations do not match the CA record you entered in the DNS entry, the Domain Verification Status will appear as Unverified, as displayed below:



In case of Verified status, click ‘Generate’ to process the certificate. The Certificate Generated confirmation message will appear, as displayed below:
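
A pre-flight check for the CAA comparison in the steps above, as an added example that is not part of the Web RA documentation or product code: it parses CAA records in DNS presentation format (RFC 8659) and reports whether the CA domain expected for the enterprise appears in them. The record lines, the name `ca.example.net` and the function names are constructed, and the matching rule is an assumption, since this page does not describe how Web RA performs the comparison.

```python
import shlex

KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def parse_caa(line):
    """Parse one CAA RDATA line, '<flags> <tag> "<value>"' (RFC 8659)."""
    flags, tag, value = shlex.split(line)
    issuer, _, params = value.partition(";")
    return {
        "critical": bool(int(flags) & 0x80),   # issuer-critical flag bit
        "tag": tag.lower(),
        "issuer": issuer.strip().lower().rstrip("."),
        "params": params.strip(),
    }

def check_caa(rrset, ca_domain, wildcard=False):
    """Compare the CA domain expected for the enterprise with a CAA RRset.

    Returns "match", "mismatch" or "no-issue-property".
    """
    records = [parse_caa(line) for line in rrset if line.strip()]
    # A critical property the checker does not understand blocks issuance.
    if any(r["critical"] and r["tag"] not in KNOWN_TAGS for r in records):
        return "mismatch"
    issue = [r for r in records if r["tag"] == "issue"]
    issuewild = [r for r in records if r["tag"] == "issuewild"]
    # For wildcard names, issuewild (when present) takes the place of issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return "no-issue-property"
    wanted = ca_domain.strip().lower().rstrip(".")
    # An empty issuer (value ";") authorises no CA, so it never matches.
    return "match" if any(r["issuer"] == wanted for r in relevant) else "mismatch"

# Constructed sample, shaped like the output of `dig +short CAA example.com`.
SAMPLE_RRSET = [
    '0 issue "ca.example.net; account=constructed-id"',
    '0 issuewild ";"',
    '0 iodef "mailto:security@example.com"',
]

if __name__ == "__main__":
    for name, wild in (("ca.example.net", False), ("ca.example.net", True),
                       ("other-ca.example", False)):
        print(name, "wildcard" if wild else "fqdn",
              check_caa(SAMPLE_RRSET, name, wild))
```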