This section describes the registration authority interface to the OpenCA PKI. From these screens an RA Administrator can manage certificate requests, view certificate information and manage the RA server.
The user is first asked to authenticate to the RA. Depending on the configuration, this authentication may be nothing, a username and password, or a certificate.
Each of the headings below corresponds to a tab across the top of the default RA screens.
Pressing this link takes the user to the RA Node interface. From here the RA user can control data flow to and from the RA.
Pressing this link takes the user to the LDAP Administration interface. From here the RA user can control the import and deletion of data from the LDAP Directory (if it is configured).
This tab lists functions that can be performed on active Certificate Signing Requests (CSRs), i.e. requests from users for a certificate.
This link shows new CSRs at a specific Registration Authority with a certain Level of Assurance (as specified by the user at certificate request time). The RA Operator chooses the RA and LoA.
The screen shows all the new CSRs.
Each one of the requests must be processed in turn. By clicking the serial number of the request the operator is presented with the details of the request. Four options are then available to the RA Operator:
Pressing this button allows the RA User to edit the details of the request. The editable fields are: Subject alternative name (this usually defaults to the supplied email address, but can contain other fields), Subject (or the DN) and Role (or certificate type).
Pressing this button allows the RA User to approve the request and use a certificate to sign this approval. Upon pressing the button the RA User is presented with a list of certificates with which to sign the request approval. Note, if the requests are going to be processed on the CA as a batch process, then each request must be signed with a valid RA certificate (signed by the certificate authority).
Pressing this button approves the request without signing it. Note, this can potentially be dangerous as the CA Administrator will have to make a trust decision to process the request or not. If the approved request was signed by a valid RA certificate then this decision is unnecessary.
This screen displays any renewed certificate signing requests. The list of options is the same as for the "New" function.
A user can initiate their own certificate revocation or it can be initiated by an RA Operator. This screen shows Certificate Revocation Requests (CRRs) in various states.
This section shows new certificate revocation requests. The RA Operator can process them by clicking on the CRR serial number.
Pressing this button allows the RA User to approve the revocation request and use a certificate to sign this approval. Upon pressing the button the RA User is presented with a list of certificates with which to sign the request approval. Note, if the requests are going to be processed on the CA as a batch process, then each request must be signed with a valid RA certificate (signed by the certificate authority).
Pressing this button approves the revocation request without signing it. Note, this can potentially be dangerous as the CA Administrator will have to make a trust decision to process the request or not. If the approved request was signed by a valid RA certificate then this decision is unnecessary.
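The rule stated for both CSR and CRR approval (a batch-processed request needs a signature from an RA certificate issued by the CA, otherwise the CA Administrator has to decide) can be sketched as a CA-side check. This is an added example, not OpenCA code: it assumes approvals arrive as detached PKCS#7 signatures, and every key, file name and the `sign_approval` and `triage` helpers are constructed for the demo.

```shell
#!/bin/sh
# Added example: every key, certificate and request here is constructed for the
# demo. The detached PKCS#7 approval format is an assumption, not OpenCA's own.
set -eu
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT

# Demo CA, an RA certificate issued by it, and a self-signed look-alike.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
  -keyout "$W/ca.key" -out "$W/ca.pem" 2>/dev/null
openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo RA Operator" \
  -keyout "$W/ra.key" -out "$W/ra.csr" 2>/dev/null
openssl x509 -req -in "$W/ra.csr" -CA "$W/ca.pem" -CAkey "$W/ca.key" \
  -CAcreateserial -days 1 -out "$W/ra.pem" 2>/dev/null
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo RA Operator" \
  -keyout "$W/rogue.key" -out "$W/rogue.pem" 2>/dev/null

# sign_approval SERIAL CERT KEY: detached signature over the approved request.
sign_approval() {
  openssl smime -sign -binary -in "$W/$1.req" -signer "$2" -inkey "$3" \
    -outform PEM -out "$W/$1.p7" 2>/dev/null
}

# triage SERIAL: "auto" only when the signature covers the request as received
# and the signer certificate chains to the CA; anything else goes to a human.
triage() {
  [ -f "$W/$1.p7" ] || { echo manual:unsigned; return 0; }
  if openssl smime -verify -binary -inform PEM -in "$W/$1.p7" \
       -content "$W/$1.req" -CAfile "$W/ca.pem" -out /dev/null 2>/dev/null
  then echo auto; else echo manual:bad-signature; fi
}

for n in 1001 1002 1003 1004; do
  printf 'serial=%s role=User\n' "$n" > "$W/$n.req"
done
sign_approval 1001 "$W/ra.pem" "$W/ra.key"        # signed by the CA-issued RA cert
sign_approval 1002 "$W/rogue.pem" "$W/rogue.key"  # signed, but cert not from the CA
# 1003 is approved without a signature
sign_approval 1004 "$W/ra.pem" "$W/ra.key"
printf 'edited after approval\n' >> "$W/1004.req" # content no longer matches

for n in 1001 1002 1003 1004; do echo "$n $(triage "$n")"; done
```

Requests 1002 and 1004 show why checking that a signature merely exists is not enough: the signer must chain to the CA and the signed bytes must match the request being processed.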
This section shows CRRs that have been approved and exported to the CA.
This tab gives the RA Operator a different view of CSRs, CRRs, user certificates, CA certificates and CRLs.
This link displays the user-submitted requests and enables the RA Administrator to process them.
The following lists of certificate requests can be displayed.
New
Renewed
Pending
Signed (waiting for additional signature)
Approved
Archived
Deleted
This link displays the user-submitted revocation requests and enables the RA Administrator to process them.
The following lists of certificate revocation requests can be displayed.
New
Pending
Signed (waiting for additional signature)
Approved
Archived
Deleted
This link displays information about certificates in the PKI.
The following lists of certificates can be displayed.
Valid
Expired
Suspended
Revoked
This link displays information about CA certificates in the PKI.
The following lists of CA certificates can be displayed.
Valid
Expired
This section contains RA Operator utilities.
This allows the RA Operator to search for a specific certificate based on Name, Email, DN or Role.
This allows the RA Operator to search for a specific certificate signing request based on Name, Email, DN or Role.