When you enroll for the Certificate Request E-Form, a customized URL is created for the administrator. The customized URL is displayed on the Contract Information and E-Form Settings page of the CMS. The Administrator can send this link to technical staff so they can submit certificate requests by E-Form. The following process occurs:
• An employee requests a certificate using a certificate request E-Form.
• The certificate request appears as Pending in both the Inventory information page and the Management dashboard.
• The certificate request is confirmed by a super administrator (or a
sub-administrator with permission to manage that client, organization, or domain).
• If the certificate request is confirmed, its status changes from Pending to Ready and the certificate can be used.
• A certificate retrieval link is sent to the person who requested the certificate.
The E-Form behaves as follows:
• If all available certificates of the type requested have been issued (nothing is available in inventory) a message that no certificates are available is displayed instead of the E-Form.
• The Certificate Type field is not displayed on the E-Form if only one type of certificate is available.
• Once submitted, the requested item is removed from the general account inventory. For example, the number of certificates of that type in inventory is decreased by one when an administrator approves the certificate request and the certificate is used.
To use the Certificate Request E-Form for a CDS or code-signing certificate request
1 Browse to the customized URL for the Certificate Request E-Form that was provided to you by your account administrator.
Note
:The information on the Web page may vary slightly for different types of certificates.
2 Select the type of certificate.
The Certificate Request E-Form page displays.:
3 Complete the information for all the fields on the page, as follows:
• First Name
The first name of the person submitting the certificate request.
• Last Name
The last name of the person submitting the certificate request.
• Email Address
A notification address (for example, the address of the person requesting the certificate) the domain in the email address must match the domain of the client requesting the certificate. If the address is [email protected], CMS must recognize example.com as a registered domain of the client that appears in the Client Name field.
• Phone number
The telephone number of the person submitting the certificate request.
• Department
The name of the department requesting the certificate.
• Role/Position/Title
The role of the person requesting the certificate (appears as part of the DN in the certificate).
• Client Name
Select the approved client company name from the drop-down menu (this will appear as part of the DN in the certificate). This list is populated from the list of approved clients in the CMS.
4 Fill in the Certificate Information pane as follows:
• Certificate Type
This field is filled in automatically.
• Tracking fields
Add any additional tracking information to these fields.
• Additional Emails
Add a comma delimited list of the email addresses of any other individuals who should be notified when this certificate is close to its expiry date.
• Expiry Date
Select the number of years until the certificate expires.
Note
:Administrators can override the expiry date of certificates when they approve the request form.
• Password
Enter the password used to protect the form.
• Confirm Password
Enter the password again to confirm that there were no errors.
5 The DN builder uses information from the request to create the DN that appears in the certificate. Using the DN builder you can control the information appearing in the CN and OU of the certificate’s DN. Fill out the DN builder pane as follows:
• Common Name
Select the common name (CN) to use in the DN from the pull-down menu.
For example, this could be the role of the person requesting the certificate.
This information in this menu is populated from the role/position/title field.
• Organizational Name
Select the organizational name (ou) to use in the DN from the pull-down menu. For example this could be the information in the Department field.
The information in this menu is populated from either the department or the role/position/title fields.
6 Click the Next button.
A confirmation page is displayed.
An email is sent to the administrator to inform them that a request is waiting for approval. To continue creating the certificate, an administrator must verify and approve the certificate from the CMS.
If the administrator declines the request, the CMS sends an email to the E-Form user, stating that the request has been declined and the reason.
To use the Certificate Request E-Form to create an SSL certificate request 1 Browse to the customized URL for the Certificate Request E-Form that was
provided by your administrator.
2 Select the type of certificate to request.
The Certificate Request E-Form page opens:
3 Complete the information for all the fields on the page, as follows:
Full Name
The full name of the person submitting the certificate request.
• Additional tracking fields
These appear if additional tracking fields are configured. Enter any additional tracking information.
Enter the email address of the person submitting the request. If you are submitting an EV request, the domain in the email address must be recognized by CMS as the one of the domains registered to the client.
• Phone
Enter the telephone number of the person submitting the request into this field.
• Certificate Type
This field is filled automatically.
• Organization Name
Select the approved client company name (o=) from the drop-down menu.
• Expiry Date
Select the life span of the certificate.
If you are creating a code-signing certificate, go to Step 6 on page 90.
• Password and Confirm Password
Create and confirm a password to use with the certificate. A strong password is required. The red x icons will turn to green check marks as you complete the requirements of a strong password.
4 If a password is required, enter it in the Password field (if you do not know the password contact your administrator). The password is the same for everyone using the E-Form.
5 Copy the certificate signing request (created on the machine where the certificate will be installed) into the field provided. If you do not know how to generate a CSR, click How to generate a CSR. Be sure to include the Begin new certificate request and End new certificate request lines including the leading and trailing dashes.
6 Click Next.
A confirmation screen appears. If you are creating UC Multi-Domain certificates or EV Multi-Domain certificates continue to Step 7; if not go to Step 8.
7 In the Request confirmation page, use the SubjectAltNames (SANs) field to enter additional domains. If you added these domains as SANs to the CSR when you created it, you can skip this step.
All domains must be valid. Be sure that you have a sufficient number of SANs in inventory. See “SANs (for additional domains)” on page 15 for information about SAN administration.
8 Check the information. If it is correct, click Accept. If not click Edit or Decline.
After you click Accept, the CMS sends an email message to the administrator that a request requires administrator approval. The administrator must complete the approval process to create the certificate.
Attention
:It is essential that the administrator verifies the certificate request before approval. Ensure that all information provided is correct.
If the administrator approves the request, the CMS sends an email message to the E-form user containing a retrieval link.
If you have configured the Client request e-form notification option, and the administrator declines the request an email stating that the request has been declined and explaining why is sent to the E-Form user.