Manage User Certificate
Officers can create and manage user certificates in this section.
Revoke/Suspend
An Officer can revoke or suspend user certificates of his/her group manually, if necessary, using this UI.
Revocations or suspensions of certificates may become necessary if keys have been compromised or access must be suspended temporarily for validation purposes.

Select a search criterion from the dropdown box on the left.
The following search criteria are available:
Serial Number – the serial number of the user certificate.
Common Name – the common name (CN) of the user certificate.
Issuer Name – the CN of the issuer (= CA) of the user certificate.
Subscriber Id – the subscriber ID used to create the user certificate.

For all search criteria except Issuer Name, the search value can be inserted in the right field.
For Issuer Name, the right field changes to a dropdown box from which you can select any existing CA name.
The following image displays an example for filtering for a specific issuer:

View Certificate
Click on the icon to view the user certificate details:

Revoke the certificate
Click on the icon to open the following revocation dialog:

Select one of the following revocation reasons from the dropdown list.
Please add a comment in the "Remarks" section explaining the reason for revoking or suspending the certificate.
Click on "Confirm" to continue.
You will need to authenticate the revocation using your Officer token and proceed by pressing the Authenticate button.
Click on "Revoke" to proceed with the revocation process.
Reinstate
An officer can manually reinstate suspended user certificates for their group using this UI. Reinstated certificates will be removed from the next corresponding CRL.

Select a search criterion from the dropdown box on the left. The following search criteria are available:
Serial Number – the serial number of the user certificate.
Common Name – the common name (CN) of the user certificate.
Issuer Name – the CN of the issuer (= CA) of the user certificate.
Subscriber Id – the subscriber ID used to create the user certificate.

For all search criteria, except Issuer Name, enter the search value in the right field. However, when searching for Issuer Name, the right field becomes a dropdown box containing all existing CA names.
The following image displays an example for filtering for a specific issuer:

View Certificate
Click on the icon to view the user certificate details:

Reinstate the certificate
Click on the icon to open the following reinstatement dialog:

In the "Remarks" section, please explain why the certificate is being reinstated.
Click "Confirm", authenticate with the Officer token, then press "Authenticate".
To proceed with the reinstatement process, please click on the "Reinstate" button.
Search
The user can search for their own group's certificates only. Certificates of other groups are not accessible. User certificates refer to non-CA and non-role owner certificates within the emCA Application database.

Select a search criterion from the dropdown box on the left. The following search criteria are available:
Serial Number – the serial number of the user certificate.
Common Name – the common name (CN) of the user certificate.
Issuer Name – the CN of the issuer (= CA) of the user certificate.
Status – the state of the certificate.
Subscriber Id – the subscriber ID used to create the user certificate.

For all search criteria except Issuer Name and Status, insert the search value in the right field. For Issuer Name, select an existing CA name from a dropdown box.
For Status, the right field changes to the following dropdown box:

After inserting the search value or selecting the status filter, click Search to filter for all matching user certificates.
The following image shows an example of a CA-specific filter:

Each entry in the table “Certificate Details” represents one user certificate.
View Certificate
Click on the icon to view the user certificate details:

Click on the icon to download the user certificate as
DER-encoded X.509 certificate (.cer)
Base64-encoded X.509 certificate (.cer)
Cryptographic Message Syntax Standard PKCS#7 certificate (.p7b)

Select the export format of your choice and click "Download" to start the download of the user certificate.
The user certificate will be downloaded to the standard download location of your OS.
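Two of the export formats above share the .cer extension, so a downloaded file has to be identified by content before its fingerprint is compared with the certificate details. The following is an added example (not part of the emCA documentation) using the OpenSSL CLI; the file names and the self-signed stand-in certificate are constructed for the demo.

```shell
#!/bin/sh
# Added example. File names and the self-signed stand-in certificate are
# constructed; with a real download, pass the downloaded file instead.

# Print the SHA-256 fingerprint of the first certificate in FILE, whichever
# export format it is in: Base64 (PEM) .cer, DER .cer, or PKCS#7 .p7b.
cert_fingerprint() {
    f=$1
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        openssl x509 -in "$f" -inform PEM -noout -fingerprint -sha256
    elif grep -q -e '-----BEGIN PKCS7-----' "$f"; then
        openssl pkcs7 -in "$f" -inform PEM -print_certs |
            openssl x509 -noout -fingerprint -sha256
    elif openssl x509 -in "$f" -inform DER -noout 2>/dev/null; then
        openssl x509 -in "$f" -inform DER -noout -fingerprint -sha256
    else
        # Last candidate: a binary (DER) PKCS#7 container.
        openssl pkcs7 -in "$f" -inform DER -print_certs |
            openssl x509 -noout -fingerprint -sha256
    fi | sed 's/^.*=//'
}

# Demo: one throwaway certificate written out in all three formats.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$tmp/demo.key" \
    -out "$tmp/b64.cer" -subj "/CN=demo.example.test" -days 1 2>/dev/null
openssl x509 -in "$tmp/b64.cer" -outform DER -out "$tmp/der.cer"
openssl crl2pkcs7 -nocrl -certfile "$tmp/b64.cer" -out "$tmp/chain.p7b"

# The fingerprint is computed over the DER encoding, so all three lines match.
for name in der.cer b64.cer chain.p7b; do
    printf '%-10s %s\n' "$name" "$(cert_fingerprint "$tmp/$name")"
done
```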
Sign CSR
Officers can generate user certificates based on a Certificate Signing Request (CSR) manually using the following UI.
User certificates are any non-CA and non-role owner certificates in the emCA Application database.
The result of this UI is always just the public key for a new user.
The private key can be stored independently from the PKI.

To begin, choose the configuration type as "Upload". Next, click on "Choose file" to select the CSR.
Once you have done that, select a certificate profile from the dropdown list. This will automatically fill in the correct issuing CA in the "Certifying Authority" field.

Click on "View" next to the chosen certificate profile to inspect the profile in a read-only view.
Click on "View" next to the issuing CA in order to inspect the CA’s certificate.
Click "Proceed" to continue to the next stage. The summary of the certificate request will be displayed.

The "CSR Details" section displays information that can be obtained from the given CSR.
Click on the icon in order to download the CSR again.
Click on "Edit" in order to change the information loaded from the CSR.
If not all required data (marked by *) is loaded from the CSR, you will need to fill it in manually.
"Other Details" shows the key size that was determined from the CSR as well as the chosen options for the certificate.
You will need to authenticate the generation of the certificate. Use your Officer token to authenticate and press "Authenticate" to proceed.
Click "Sign CSR" to complete certificate generation. After successful signing, the following message will appear.

Click "Download Certificate" in order to retrieve the new user certificate.
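Because only the CSR is uploaded and the private key stays outside the PKI, the subject, key size and self-signature of the CSR can be checked on the requester's machine before it is handed to the Officer. The following is an added example (not part of the emCA documentation) using the OpenSSL CLI; the file names, the subject and the 2048-bit minimum are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: checks on a CSR before it is uploaded for signing.
# File names, subject and the 2048-bit minimum are constructed for this demo.

# Subscriber side: the key pair is created locally; only the CSR is handed over.
make_csr() {  # make_csr KEYFILE CSRFILE CN
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -subj "/CN=$3" 2>/dev/null && chmod 600 "$1"
}

# Key size in bits, read from the public key inside the CSR.
csr_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Subject DN in RFC 2253 form, e.g. CN=alice.example.test
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//'
}

# Succeeds only if the CSR's self-signature verifies (the requester holds the
# matching private key) and the key is at least MIN_BITS long.
csr_check() {  # csr_check CSRFILE MIN_BITS
    # The exit status of "req -verify" differs between OpenSSL releases,
    # so the verification message is matched instead.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    bits=$(csr_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "$2" ]
}

# Demo on a throwaway key and CSR.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_csr "$tmp/alice.key" "$tmp/alice.csr" alice.example.test
if csr_check "$tmp/alice.csr" 2048; then
    echo "ready to upload: $(csr_subject "$tmp/alice.csr"), $(csr_bits "$tmp/alice.csr") bit"
else
    echo "do not upload: bad self-signature or key too short" >&2
fi
```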
Bulk Sign CSR

Manually Authorize Certificate
If a certificate profile has "Manual Authorization Enabled," an officer can review and approve or reject any certificate requests using this UI.

Click "Export to Excel" to export the entire table to an XLSX file. The file will be downloaded to the standard download location of your OS.
View Certificate
Click on the icon to view the user certificate details:

Download Certificate
Click on the icon to download the user certificate as
DER-encoded X.509 certificate (.cer)
Base64-encoded X.509 certificate (.cer)
Cryptographic Message Syntax Standard PKCS#7 certificate (.p7b)

Select your desired "export format" and click Download to obtain your user certificate. The certificate will be automatically saved to the standard download location of your operating system.
Approve
Click on the icon to open the following approval dialog:

Before approval, click "Edit" to correct CSR details if needed.
To validate the CSR, click on the "Approve" button. If you want to reject the CSR instead, click on the "Reject" button.
After approving, you will need to authenticate the action using your Officer token, then proceed by pressing "Authenticate".
To finish the approval action, simply click on the "Confirm" button.
STC Requests
If a certificate request with CT Logs Enabled and Manual Process Type is created, an Officer can import a response, view the certificate, and download the certificate using this UI.

Click "Export to Excel" to download the entire table as an XLSX file.
View Certificate
Click on the icon to view the user certificate details:

Download Certificate
Click on the icon to download the user certificate as
DER-encoded X.509 certificate (.cer)
Base64-encoded X.509 certificate (.cer)
Cryptographic Message Syntax Standard PKCS#7 certificate (.p7b)

Select your preferred export format and click 'Download' to obtain your user certificate. The certificate will be saved to the default download location on your OS.