Certificates

Available certificates for a realm can be viewed and searched for in the Certificates page. An advanced search and filtering mechanism provides a wide range of ways to find a specific certificate. An option to export selected rows as Comma Separated Values (CSV) is available via the Actions → Export selected as CSV. There is also a filter that an admin can use to view only the archived certificates. This filter can be triggered by pressing the Show Archived button in the Actions dropdown list.

External certificates can be imported in the Certificates / Show tab by clicking the Import button. After selecting a valid policy that will be used for the certificates, the user can then select the file that contains the PEM-encoded certificates to be imported. Once the PEM file is selected, the total number of certificates that will be imported is displayed and the user can then complete or cancel the import.

A user can archive or unarchive a certificate by entering the Certificate/Show tab. There, by pressing the certificate’s name, the user will be redirected to the certificate details page. By pressing the Archive or the Unarchive button the certificate will be archived or unarchived accordingly. Batch Archive and Batch Undo-Archive actions are also supported by selecting the checkboxes of the desired certificates and choosing the Archive All Selected and Undo-Archive All Selected buttons in the Actions dropdown. Upon certificate archive/unarchive, its associated certificate request will also be archived/unarchived respectively. Active certificates can not be archived. Archived certificates that are linked to an archived policy, end entity or realm can not be unarchived. Archived certificates can not be used for new operations.

A user can delete an archived certificate through the Certificate page, the Show Certificates Table or the Administration/Archived Data Removal tab. In the Certificate page after archiving the entity a Delete button will appear. In the Show Certificates Table by pressing Actions→Show Archived the table will show the archived entities, and here the certificates can be selected, and through Actions→Delete all selected they can be deleted. Furthermore, the user can delete one Certificate at a time by pressing the row actions button and then Delete Certificate. Finally, in the Choose entity to delete dropdown choose Certificates. As an extra safeguard there is the option to restrict the archived records that are going to be deleted by the date on which they were archived. In the Choose date calendar select the date, before which the records should have been archived, in order to be deleted with this action and press Delete. Upon deletion, the certificate requests linked to the deleted certificates will also be deleted.

A certificate can be downloaded either in single mode or in chain mode, where the complete certificate chain is downloaded in PEM format.

The private key of a certificate can be retrieved in PEM format.

The latest certificate revocation list (CRL) of the issuing CA, can be downloaded from the certificate details page via the Download button. The CRL is not retrieved directly from the CA, rather the CRL distribution points of the certificate are used instead and access to these points is required, in order for the CRL to be downloaded successfully.

A certificate can be sent to the end entity’s E-Mail.

In the certificate details page, an Ocsp Status field presents the current OCSP (Online Certificate Status Protocol) status of the certificate as provided by the OSCP Responder configured within the certificate itself.

A certificate can be revoked by providing a revocation reason.

One or more certificate(s) can be marked as revoked. These certificate(s) are not actually going to be revoked, they are just going to be marked as such.