Table of Contents

How does ADSS RA Service process the certification requests?

ADSS RA Service is capable of issuing certificates through multiple channels, i.e. SCEP, Web services and Face to Face meetings. The certificates issuance requests can either be Synchronous or Asynchronous. SCEP is always synchronous while Web services interface can be synchronous or asynchronous based on configurations. Synchronous requests are auto processed without user intervention while asynchronous requests are set to pending state and require reviewing by the RA Operators before forwarding them to the ADSS CA Server for issuance. 

Network devices, mobile devices, servers, firewalls, etc. can use SCEP to send certificate issuance requests to ADSS RA Service. In this regard, the operator has to configure upfront the Subject DN and a Challenge password for each device in the "Device Certificates" section of ADSS RA Service. The SCEP requests must then exactly match with the configured Subject DN and Challenge Password for the respected device. In case of any mismatch in Subject DN or Challenge Password, the request will be rejected.
 

The certificate issuance request for a device via web service can either be Synchronous and Asynchronous. The operator has to configure upfront the Subject DN and a Challenge password for each device in the "Device Certificates" section of ADSS RA Service. The request must exactly match with the configured Subject DN attributes and Challenge Password of the particular device, otherwise the request will be rejected. However, in case of asynchronous request, the RA Operator can review the certificate request before forwarding the request to the ADSS CA Server.

The certificate issuance request for an end-user via web service can also be Synchronous and Asynchronous. The operator can configure Subject DN in the 'RA Profiles' section. The synchronous requests are processed right away. However, in case of asynchronous request, the RA Operator can review the certificate request before forwarding the request to the ADSS CA Server. See the below KB (How the Subject DN sent via the ADSS RA Web Service processed) to know more about how the received Subject DN is checked both in the case of synchronous or asynchronous requests.

The RA Operator can set the values for the required Subject DN attributes in a Face to Face meeting with the end user, before forwarding the request to the ADSS CA Server. As a result, digital certificates are issued right away. 

How to make the certification requests received over the RA web service interface to be processed synchronously?

Synchronous processing method is used to issue digital certificates against incoming certificate requests without any manual user intervention.To enable certification request to be processed synchronously, 

Now all the certification requests that will use this RA profile will be processed synchronously and certificates will be issued right away.

SCEP based certification requests are always processed synchronously.

How the Subject DN sent via the ADSS RA Web Service processed?

ADSS RA web service processes the certification requests as per the following rules: