Modules - Certificates: Approving certificate request

This tutorial shows how to set approvers for certificate requests.

  • You need install CzechIdM 7.7.0 (and higher).
  • You need be logged in as admin.
  • You need enable Certificate module.
  • You are familiar with certificates module tutorial.
  • In the left menu click on Roles.
  • In the following page click on Add green button in the upper-right corner.
  • Fill Name as "certificate_approvers".
  • Click on Save and continue gree button.
  • Click on Permissions tab.
  • In the following page click on Add green button in the upper-right corner.
  • Choose Entity type as "Certificate requests" and in Permissions choose "all" (as in picture below)

  • Now click again on Add button to add another permission.
  • And fill to Entity type "Certificates" and to Permissions "all".
  • Add another permission Entity type is "Certificate authorities" and to Permission fill "autocomplete".
  • Our new role needs one more permission: Entity type - "Workflow - tasks" Permission - "Read" to actually get into Tasks agenda.

Now we have a role for approvers. In next step, we will create a user and assign him this approver role.

* In the left menu click on Users.

  • On the following page click on Create user green button in the upper-right corner.
  • Fill Login, First name, Surname and Password. In the tutorial, we are using "Login: crtapp, First name: Jack, Surname: Approver".
  • Then click on green arrow next to Create button and click on Create and edit.
  • Click on Roles tab and then on Manage authorizations yellow button.

  • On this page click on Add button.
  • In popup window select role certificate_approvers and click on Set button.
  • Now you should have the same state as in the picture below. Then click on Submit a request button.

Now you may begin tutorial for certificates module. But when we are creating certificate authority we fill in Approver roles and enable Enable approving by workflow process as in the picture below. (Or you can modify another certificate authority already created in same section.)

You can continue certificates module tutorial. And in Generate certificate after you submit a New certificate request (in Generate certificate by CSR this popup window's name is Certificate request detail) you will be left with this:

So now we have to wait for approvers to accept our request. But since it is tutorial we will do it ourselves: Sign in as Jack. and then:

  • Go to Tasks
  • Click on our "create certificate" request.
  • Read request and then click on green Accept button.
  • (As you can see in the picture below, Jack Approver does not have enough permission to get information on admin.)

And now log back in as an admin and you can continue with certificates module tutorial.

A process of renewing or revoke of certificates is approved automatically. Because especially in revoke situation user want to revoke certificate immediately.

How to create certificate - czech language