Certificates
This module displays the list of all issued, revoked and suspended certificates. Admin and enterprise administrators can optionally view, download and revoke the certificates of any user, subject to the following rules:
- An Admin RAO can see list of all issued certificates regardless of the enterprise affiliation
- An Enterprise RAO can only see the list of certificates issued under his enterprise
- Clicking the Request ID URL will show the complete details of the request, for example:
  - List of validation checks performed on the CSR before submitting the request to the CA.
  - Download the CSR to manually evaluate it using third-party software.
  - List of attributes of the CSR.
  - Any other information that is required for audit purposes.
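The request details allow the CSR to be downloaded for manual evaluation. As an added example (not part of the ADSS Web RA documentation), the shell function below runs three such checks with OpenSSL. The 2048-bit RSA floor, the function names and the sample CSR are assumptions constructed for illustration; the page does not list the checks ADSS Web RA itself performs.

```shell
#!/bin/sh
# Added example: offline review of a CSR downloaded from the request detail page.
# MIN_RSA_BITS and all file names are assumptions, not ADSS Web RA settings.
MIN_RSA_BITS="${MIN_RSA_BITS:-2048}"

# evaluate_csr FILE: prints "OK: ..." or "FAIL: ..."; returns 0 only if every check passes.
evaluate_csr() {
    csr="$1"
    # 1. Structure: the file must parse as a PKCS#10 request.
    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) || {
        echo "FAIL: not a parsable PKCS#10 request"; return 1; }
    # 2. Proof of possession: the self-signature must verify with the embedded key.
    #    Match on the message, because older OpenSSL releases exit 0 even on failure.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || {
        echo "FAIL: self-signature does not verify"; return 1; }
    # 3. Key strength: reject RSA keys below the configured floor.
    alg=$(printf '%s\n' "$text" | sed -n 's/.*Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "$alg" = "rsaEncryption" ] && [ "${bits:-0}" -lt "$MIN_RSA_BITS" ]; then
        echo "FAIL: RSA key is $bits bits, below $MIN_RSA_BITS"; return 1
    fi
    echo "OK: $alg $bits bits, $(openssl req -in "$csr" -noout -subject)"
}

# make_sample_csr DIR: builds a constructed 2048-bit RSA CSR for the demonstration.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/sample.key" \
        -subj "/CN=sample.example.test/O=Constructed Example" \
        -out "$1/sample.csr" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_csr "$demo_dir"
evaluate_csr "$demo_dir/sample.csr"
```

Point `evaluate_csr` at the file saved with the Download CSR option; the subject it prints can be compared against the CSR attributes shown in the request details.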
On the admin portal:
Click Certificates from the left menu pane. The certificates listing will appear. The Issued to section will display the Citizen ID below the user name if it is enabled in Configurations > Default Settings.
The Advanced Search option is available inside the Search bar and allows an admin to search the certificates using different parameters (even ranges), including the citizen ID. This feature is very useful for finding a certificate among a large number of certificates.
An operator can perform a number of actions by clicking on the button, such as view certificate, download certificate or more actions, as displayed below:
- To view a certificate, click the button adjacent to the certificate and click the View option.
- To download a certificate to the file system, click the button adjacent to the certificate and click the Download option.
More Actions
Once you click the "More Actions" button, you can perform the following actions:
An administrator can revoke certificates from the certificate listing.
Click "Certificates" from the left menu pane, then click the button adjacent to the certificate.
Click "More Actions" and the Certificate Action screen will appear:
Once you select the action, the certificate revocation reason drop-down will be displayed. You can also add an optional message. Tick the confirmation checkbox and click "Revoke". The OTP screen will then appear:
A toaster message "Certificate Revoked" will appear.
ADSS Web RA supports the following types of TLS certificates:
- EV TLS Server authentication
- TLS Client authentication
- TLS Server authentication
When an EV TLS Server authentication certificate is revoked, ADSS Web RA will support only the following six revocation reasons:
- Unspecified
- Key Compromise
- Affiliation Change
- Superseded
- Cease of Operation
- Privilege Withdrawn
Certificate Suspension
The first two steps for certificate suspension are the same as in the revocation process explained above. However, on the Certificate Action screen, select Certificate Hold from the certificate revocation reason drop-down, add an optional message if required, and tick the confirmation checkbox:
Once you click "Revoke", a toaster message "Certificate Suspended" will appear.
Certificate Reinstate
An administrator can also reinstate a suspended certificate from certificate listing. When an operator clicks on the button, the More Actions will appear as displayed in the image below. Click it to proceed further.
After selecting the options, click the Reinstate button and a toaster message "Certificate Reinstated" will appear:
An administrator can rekey their certificates from certificate listing. When an operator clicks on the button, the More Actions will appear as displayed in the image below. Click it to proceed further. (This should be configured in the Configurations > Policy section.)
From the next screen, the administrator can choose Rekey Certificate as displayed below:
- Administrators can create CSR or smart card certificates.
- Check the tick-box 'Are you sure you want to rekey this certificate?' and click the view request button
- Click on Rekey Certificate to open the request form.
- By clicking on 'Upload CSR', a new CSR will be uploaded and all other options in the request form will be based on the CSR uploaded by the user.
- In the case of a CSR ($PKCS10 or $Request), the request form will be disabled and the user will not be able to edit it after uploading the CSR.
- Click on the 'Close' button; the action will be performed and the user will be redirected to the list of certificates.
- Now click on the 'Rekey' button. If OTP is enabled in the profile, a dialog will appear with OTP details to rekey the certificate.
By clicking on the 'Rekey' button, a new request and request category will be created with the 'Approved' status and the certificate will be rekeyed. The existing certificate status will be changed to 'Revoked' for server-side certificates; for local certificates (CSR/Token), the existing certificate will be in the 'Issued' status.
Certificate History
ADSS Web RA allows its users to view Certificate History for rekeyed and reissued certificates.
Admin > Certificates > press the button to find the History option against rekeyed and reissued certificates, as displayed in the screenshot below:
It will display all the actions performed against the certificates and their details.
A user cannot delete any parent certificate. When a child certificate is deleted, its parent certificate will be deleted automatically.
Delete a Certificate
- Expand Requests > Certificate Requests.
- A list of certificate requests will appear. Select the request number check box against the request to delete. Then click the button.
- A confirmation dialog will appear as displayed below. It will also delete the certificate(s) against this request.
This note appears according to the configurations in the Policy section in the Admin portal.