Certificate Requests
This section describes how to create certificate requests for the following certificate types:
- $REQUEST / $PKCS10 / SDN / SAN certificate type using CSR with vetting
- TLS Server Auth/ SDNs/ DV SSL certificate type
- TLS authentication with DV as None (CAA Records)
- TLS using CSR with CV as None (CAA Records)
Following are the steps to create a request for $REQUEST / $PKCS10 / SDN / SAN certificate type using CSR with vetting:
On the web portal, navigate to Certificate Center > Certificate Requests from the left menu pane.
After selecting the Certificate Type from the dropdown, click Create. You will see the Welcome Note screen (see details in Request Notes):
The welcome note will appear. Select the checkbox "I allow the use of my data for processing certificate application by Enterprise Name" and click next. (This screen will appear if an operator has customised request notes in the enterprise the user belongs to.)
The second screen will ask you to either upload a CSR or paste one below.
Once you upload the file or paste the CSR, click next to proceed.
Once the CSR is validated, you will see the following screen:
You can click the View icon button to view the CSR, as follows:
Scroll down to see the remaining items on this screen. Then click Close.
Click next. The Subject Distinguished Name (SDN) screen will appear, with the SDN fields auto-filled from the CSR.
In case of a $PKCS10 certificate request, the CSR should contain the name of the enterprise from which the user has logged in. If the CSR has a different organisation name, the stepper will not proceed further and the following error message will be displayed:
The Subject Alternative Name (SAN) screen will appear.
It contains the following fields:
- DNS Name
- IP Address
- Email Address
- Other Name:
- OID
- Value
- Encoding
Then click next.
The Certificate Validity screen will appear. The validity period will be displayed in a disabled form.
Click 'Generate' to proceed.
The subscriber agreement configured with this user's profile will be displayed. Click 'Yes' to proceed.
A certificate will be generated and you can find it in your download folder on your computer.
This request will be displayed in the certificate requests listing.
If you close the Certificate Generated window, the following screen will appear, where you can provision your certificate.
Click Provision.
The certificate will be provisioned into your Desktop Signing account.
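Added example (not part of the product documentation): a pre-upload check using the OpenSSL CLI that confirms a CSR's self-signature verifies, that its organisation (O) value equals your enterprise name, and shows the SANs it requests. The function names, the "Example Enterprise" organisation and the host name are constructed, and exact string equality for O is an assumption about how the portal compares names.

```bash
#!/usr/bin/env bash
# Pre-upload CSR checks (added example; sample names below are constructed).

# Print the organizationName (O) value(s) from the CSR subject.
csr_org() {
    openssl req -in "$1" -noout -subject -nameopt multiline \
        | sed -n 's/^ *organizationName *= *//p'
}

# Print the requested Subject Alternative Names as one comma-separated line.
csr_sans() {
    openssl req -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 \
        | sed 's/^ *//; s/ *$//'
}

# Succeed only if the self-signature verifies and O equals the expected name.
# The verify result is read from the message text because older OpenSSL
# releases exit 0 even when verification fails.
csr_precheck() {
    csr="$1"; expected="$2"
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "self-signature does not verify"; return 1; }
    org=$(csr_org "$csr")
    [ "$org" = "$expected" ] || { echo "O mismatch: '$org'"; return 1; }
    echo "ok"
}

# Build a constructed sample CSR (needs OpenSSL 1.1.1+ for -addext).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/key.pem" -out "$1/req.csr" \
        -subj "/O=$2/CN=www.example.test" \
        -addext "subjectAltName=DNS:www.example.test" 2>/dev/null
}

# Demo on a constructed CSR.
tmp=$(mktemp -d)
make_sample_csr "$tmp" "Example Enterprise"
csr_precheck "$tmp/req.csr" "Example Enterprise"
csr_precheck "$tmp/req.csr" "Other Enterprise" || true
csr_sans "$tmp/req.csr"
rm -rf "$tmp"
```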
Following are the steps to create a request for TLS Server Auth/ SDNs/ DV SSL certificate type:
- On the web portal, navigate to the Certificate Center from the left menu pane and then click "Certificate Requests".
- After selecting the Certificate Type from the dropdown, click "Create".
- Click next. The Subject Distinguished Name (SDN) screen will appear.
- The Subject Alternative Name (SAN) screen will appear. The domain names fields will appear in a disabled form (as set in the enterprise section of the admin portal).
ADSS Web RA supports the configuration of domain names at the enterprise level. From the admin portal, an administrator can set the domain names and subdomain names associated with an enterprise. The certificate request form then uses these DNS names, so that certificates are generated exclusively for the domains pre-configured within the enterprise.
- The Certificate Validity screen will appear. The validity period will be displayed in a disabled form. Click Generate.
- You can download the certificate as it is or download certificate with a PFX.
Following are the steps to create a certificate request for TLS authentication with DV as none (CAA Records):
- On the web portal, navigate to the Certificate Center from the left menu pane and then click "Certificate Requests". Then click to create a new certificate request.
- After selecting the Certificate Type from the drop down, click "Create".
- Click next. The Subject Distinguished Name (SDN) screen will appear.
- The Subject Alternative Name (SAN) screen will appear. Select the domain names (DNS) from the drop down, then enter the IP address and email address. In the Other Name section, enter the OID and Value and click Add Other Name, then click >.
- The Certificate Validity screen will appear. The validity period will be displayed in a disabled form. Click Generate.
- The Domain Ownership Verification screen will appear. The Domain Verification Status will appear Unverified. Click Verify to proceed.
- If the CAA records you configured in the Enterprise Domain configurations match the CAA record you entered in the DNS entry, the Domain Verification Status will appear Verified, as displayed below:
- If the CAA records you configured in the Enterprise Domain configurations do not match the CAA record you entered in the DNS entry, the Domain Verification Status will appear Unverified, as displayed below:
- In case of Verified, click Generate to process a certificate. The Certificate Generated confirmation message will appear, as displayed below:
Following are the steps to create a certificate request for TLS using CSR with CV as None (CAA Records):
- On the web portal, navigate to the Certificate Center from the left menu pane and then click "Certificate Requests". Then click to create a new certificate request.
- After selecting the Certificate Type from the drop down, click "Create".
- The upload CSR screen will appear. Upload or paste a CSR and click next. Once the CSR is uploaded, the following screen will be displayed:
- Click next. The Subject Distinguished Name (SDN) screen will appear.
- The Subject Alternative Name (SAN) screen will appear. Select the domain names (DNS) from the drop down, then enter the IP address and email address. In the Other Name section, enter the OID and Value and click Add Other Name, then click >.
- The Certificate Validity screen will appear. The validity period will be displayed in a disabled form. Click Generate.
- The Domain Ownership Verification screen will appear. The Domain Verification Status will appear Unverified. Click Verify to proceed.
- If the CAA records you configured in the Enterprise Domain configurations match the CAA record you entered in the DNS entry, the Domain Verification Status will appear Verified, as displayed below:
- In case of Verified, click Generate to process a certificate. The Certificate Generated confirmation message will appear, as displayed below:
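Added example (not part of the product documentation): a check you can run before clicking Verify in either of the two CAA-based procedures above, comparing the issuer domain you expect with the CAA records published in DNS under RFC 8659 rules (for wildcard names, `issuewild` records take precedence over `issue`). The records, issuer domains and function name are constructed, and the portal's own matching logic is not documented on this page, so treat the result as a pre-check only.

```bash
#!/usr/bin/env bash
# Compare published CAA records with the issuer domain you expect
# (added example; all sample values are constructed).

# stdin: CAA records in `dig +short CAA <domain>` format
# $1: expected issuer domain   $2: DNS name being requested
# Prints: match | mismatch | no-record
caa_status() {
    awk -v want="$1" -v name="$2" '
        # Issuer domain = quoted value up to the first ";", whitespace removed.
        function issuer(line,   v) {
            v = line
            sub(/^[^"]*"/, "", v); sub(/".*$/, "", v)
            sub(/;.*$/, "", v);    gsub(/[ \t]/, "", v)
            return tolower(v)
        }
        tolower($2) == "issue"     { n_issue++; if (issuer($0) == tolower(want)) ok_issue = 1 }
        tolower($2) == "issuewild" { n_wild++;  if (issuer($0) == tolower(want)) ok_wild = 1 }
        END {
            # Wildcard names use issuewild records when any are present.
            if (name ~ /^\*\./ && n_wild) { n = n_wild;  ok = ok_wild }
            else                          { n = n_issue; ok = ok_issue }
            print (!n ? "no-record" : (ok ? "match" : "mismatch"))
        }'
}

# Constructed sample, shaped like `dig +short CAA example.test` output.
SAMPLE_CAA='0 issue "ca.example.net; account=12345"
0 issuewild ";"
0 iodef "mailto:security@example.test"'

# Demo: an ordinary name, a different CA, and a wildcard name.
printf '%s\n' "$SAMPLE_CAA" | caa_status ca.example.net www.example.test
printf '%s\n' "$SAMPLE_CAA" | caa_status other-ca.example www.example.test
printf '%s\n' "$SAMPLE_CAA" | caa_status ca.example.net '*.example.test'
```

Against live DNS, pipe `dig +short CAA <your-domain>` into `caa_status`; if the name itself has no CAA records, RFC 8659 has the CA look at each parent domain in turn, so repeat the query there.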
Second Factor Authentication
If second factor authentication is enabled on certificate requests, the configured authentication mechanism will function accordingly. When a user clicks on the Generate button, the authentication window will appear, and once it accepts the selected method, it will generate a certificate.
The authentication mechanism can be one of the following:
- SMS OTP Authentication
- Email OTP Authentication
- Email & SMS Authentication
- SAML Authentication
- Active Directory Authentication
- Azure Active Directory Authentication
- OIDC Authentication
Request Notes
If an operator has added customized request notes in certificate requests pertaining to a specific enterprise, they will appear in all types of certificate requests, i.e. issued, rekey, revoked, renewed and reissued certificate requests. The request notes will appear only on the steppers for which the operator has customised them.
An operator can configure it from the Enterprise Request Notes section in the admin portal.
Following are a few things to remember with respect to SDNs, SANs and RDNs:
- When a user creates a new certificate request, the SDNs and SANs will be rendered as configured in the certification profile and its values will be auto-filled from the certificate details.
- A user will not be able to change the values of the RDNs, if an operator has configured them in the certificate details.
- An operator will see the rendered values in a disabled form.
- If there is an RDN that is added in certification profile, but has not been configured in the user's certificate details, then it will be shown as editable in the request form and the user can update its value.
- If no RDN is configured in the user certificate details then the request will be generated.
- In case of an error, the user will not be allowed to move to the next step.
Edit a Certificate Request
If a certificate request is created and it is still incomplete, it will appear in a draft state. Click the icon and select "Edit Request" to complete a certificate request.
Once a request is completed, it will be shown as Approved in the certificate requests list.
View / Download a Certificate
A certificate's information can be viewed or downloaded from the Certificate Requests list. Click the icon and select the "View Certificate" or "Download Certificate" option.
If you click "View Certificate", a dialog will appear displaying certificate related information. If you click "Download Certificate", the certificate is downloaded to your configured folder.