====== Modules - Certificates: Approving certificate request ====== This tutorial shows how to set approvers for certificate requests. ===== What do you need before you start ===== * You need install **CzechIdM 7.7.0** (and higher). * You need be logged in as **admin**. * You need enable **Certificate** module. * You are familiar with [[tutorial:adm:modules_crt|certificates module]] tutorial. ===== Create role for approvers ===== * In the left menu click on **Roles**. * In the following page click on **Add** green button in the upper-right corner. * Fill **Name** as "certificate_approvers". * Click on **Save and continue** gree button. * Click on **Permissions** tab. * In the following page click on **Add** green button in the upper-right corner. * Choose **Entity type** as "Certificate requests" and in **Permissions** choose "all" (as in picture below) {{ :tutorial:adm:ca_permission.png |}} * Now click again on **Add** button to add another permission. * And fill to **Entity type** "Certificates" and to **Permissions** "all". * **Add** another permission **Entity type** is "Certificate authorities" and to **Permission** fill "autocomplete". * Our new role needs one more permission: **Entity type** - "Workflow - tasks" **Permission** - "Read" to actually get into **Tasks** agenda. Now we have a role for approvers. In next step, we will create a user and assign him this approver role. ===== Create user for approving requests ===== * In the left menu click on **Users**. * On the following page click on **Create user** green button in the upper-right corner. * Fill **Login**, **First name**, **Surname** and **Password**. In the tutorial, we are using "Login: crtapp, First name: Jack, Surname: Approver". * Then click on green **arrow** next to **Create** button and click on **Create and edit**. * Click on **Roles** tab and then on **Manage authorizations** yellow button. {{ :tutorial:adm:ca_addrole.png |}} * On this page click on **Add** button. * In popup window select role **certificate_approvers** and click on **Set** button. * Now you should have the same state as in the picture below. Then click on **Submit a request** button. {{ :tutorial:adm:ca_addrole_concept.png |}} ===== Set role as approver ===== Now you may begin tutorial for [[tutorial:adm:modules_crt|certificates module]]. But when we are creating **certificate authority** we fill in **Approver roles** and enable **Enable approving by workflow process** as in the picture below. (Or you can modify another certificate authority already created in same section.) {{ :tutorial:adm:ca_approving.png |}} ===== Approving of certificates ===== You can continue [[tutorial:adm:modules_crt|certificates module]] tutorial. And in **Generate certificate** after you submit a **New certificate request** (in **Generate certificate by CSR** this popup window's name is **Certificate request detail**) you will be left with this: {{ :tutorial:adm:ca_05.png |}} So now we have to wait for approvers to accept our request. But since it is tutorial we will do it ourselves: Sign in as Jack. and then: * Go to **Tasks** * Click on our "create certificate" request. * Read request and then click on green **Accept** button. * (As you can see in the picture below, Jack Approver does not have enough permission to get information on admin.) {{ :tutorial:adm:ca_approve.png |}} And now log back in as an admin and you can continue with [[tutorial:adm:modules_crt|certificates module]] tutorial. A process of renewing or revoke of certificates is approved automatically. Because especially in revoke situation user want to revoke certificate immediately. ===== Video Guide ===== [[https://www.youtube.com/watch?v=E56huh9uNcA&list=PLBeAQt3pe3EcdVE8QpCDEJcDsi_jtNQUb&index=8|How to create certificate]] - czech language