Certificate and End Entity Life Cycle Management

The Search menu allows administrators with appropriate access rights to search for certificates or end entities (users, devices, and so on).

Certificates

Use the search field to search for certificates and show search results as you type. Search is performed over the certificate:

  • Distinguished Name
  • Subject Alternative Name
  • Serial Number
  • End Entity username that the certificate is issued for

Use the corresponding list menus to narrow the search to a specific End Entity ProfileCertificate Profile, CA, and Certificate Status.

Click Show more options to access time fields to limit the search for certificates issued, expired, or revoked before or after the time specified.

You can also select the maximum number of results that will be shown.

Search results are presented in a list with some certificate fields as columns. Click View on a row to display details of the certificate. While viewing the details, click one of the download links at the bottom of the page to either download the certificate or the CSR (if existing). Alternatively, click Show more details to display an ASN.1 dump of the certificate contents.

Requesting revocation

While viewing a specific certificate you can request a revocation, or revoke the certificate immediately if you have the proper rights, by selecting revocation reason in the list menu at the Certificate Status section and clicking Revoke.

Requesting key recovery

Viewing a certificate, you can also request key recovery for the selected certificate. This is done by clicking Recover Key, provide a new enrollment code and then click Confirm request. If the operation requires approval, a link will be provided at the bottom of the page along with a request id which is used to check the status of your request. Once the request is approved by another administrator, a new certificate can be enrolled through Enroll > Use Request ID / Username. If the operation does not require approval, a new certificate may be enrolled instantly from Enroll > Use Username.

The Recover Key button is only visible if the logged in Administrator is authorized to perform key recovery and key recovery data exists for the user.

End Entities

Searching for end entities is done as you type in the search field. Search is done over the end entities:

  • Distinguished Name
  • Subject Alternative Name
  • Username

By choosing in the fields below the search field you can narrow the search to a specific:

  • End Entity Profile
  • Certificate Profile
  • CA
  • End Entity Status

By clicking Show more options you also get access to time fields to limit the search in time:

  • End entity modified before or after a specific time

You can also select the maximum number of results that will be shown.

Search results are presented in a list with some end entity fields as columns. You can also click View or Edit on the right in a row to display or edit the details of the end entity.

Viewing an End Entity

The View End Entity page displays detailed information about the End Entity as well as a list of Certificates related to that End Entity. The Previous and Next buttons at the top of the page can be used to traverse the list of End Entities found on the Search for End Entities page. Click Edit to edit the End Entity.

Editing an End Entity

In Edit mode, the End Entity Status, Key Store Type and Enrollment Code can be changed. Note that an Enrollment Code must be specified when changing the Status, in order to authenticate the enrollment.

If the End Entity has an attached CSR, then the CSR can be cleared by selecting Clear CSR and saving the End Entity.