Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
tutorial:adm:modules_crt_approving_request [2019/01/07 08:02]
romana
tutorial:adm:modules_crt_approving_request [2019/01/07 12:04] (current)
romana
Line 1: Line 1:
 +====== Modules - Certificates:​ Approving certificate request ======
 +This tutorial shows how to set approvers for certificate requests.
 +===== What do you need before you start =====
 +  * You need install **CzechIdM 7.7.0** (and higher).
 +  * You need be logged in as **admin**.
 +  * You need enable **Certificate** module.
 +  * You are familiar with [[tutorial:​adm:​modules_crt|certificates module]] tutorial.
  
 +===== Create role for approvers =====
 +  * In the left menu click on **Roles**. ​
 +  * In the following page click on **Add** green button in the upper-right corner.
 +  * Fill **Name** as "​certificate_approvers"​.
 +  * Click on **Save and continue** gree button.
 +  * Click on **Permissions** tab.
 +  * In the following page click on **Add** green button in the upper-right corner.
 +  * Choose **Entity type** as "​Certificate requests"​ and in **Permissions** choose "​all"​ (as in picture below)
 +
 +{{ :​tutorial:​adm:​ca_permission.png |}}
 +
 +  * Now click again on **Add** button to add another permission.
 +  * And fill to **Entity type** "​Certificates"​ and to **Permissions** "​all"​.
 +  * **Add** another permission **Entity type** is "​Certificate authorities"​ and to **Permission** fill "​autocomplete"​.
 +  * Our new role needs one more permission: **Entity type** - "​Workflow - tasks" **Permission** - "​Read"​ to actually get into **Tasks** agenda.
 +
 +Now we have a role for approvers. In next step, we will create a user and assign him this approver role.
 +
 +===== Create user for approving requests =====
 + * In the left menu click on **Users**.
 +  * On the following page click on **Create user** green button in the upper-right corner.
 +  * Fill **Login**, **First name**, **Surname** and **Password**. In the tutorial, we are using "​Login:​ crtapp, First name: Jack, Surname: Approver"​.
 +  * Then click on green **arrow** next to **Create** button and click on **Create and edit**.
 +  * Click on **Roles** tab and then on **Manage authorizations** yellow button.
 +
 +{{ :​tutorial:​adm:​ca_addrole.png |}}
 +
 +  * On this page click on **Add** button.
 +  * In popup window select role **certificate_approvers** and click on **Set** button.
 +  * Now you should have the same state as in the picture below. Then click on **Submit a request** button.
 +
 +{{ :​tutorial:​adm:​ca_addrole_concept.png |}}
 +
 +===== Set role as approver =====
 +Now you may begin tutorial for [[tutorial:​adm:​modules_crt|certificates module]]. But when we are creating **certificate authority** we fill in **Approver roles** and enable **Enable approving by workflow process** as in the picture below. (Or you can modify another certificate authority already created in same section.)
 +
 +{{ :​tutorial:​adm:​ca_approving.png |}}
 +
 +===== Approving of certificates =====
 +You can continue [[tutorial:​adm:​modules_crt|certificates module]] tutorial. And in **Generate certificate** after you submit a **New certificate request** (in **Generate certificate by CSR** this popup window'​s name is **Certificate request detail**) you will be left with this:
 +
 +{{ :​tutorial:​adm:​ca_05.png |}}
 +
 +So now we have to wait for approvers to accept our request. But since it is tutorial we will do it ourselves:
 +Sign in as Jack. and then:
 +  * Go to **Tasks**
 +  * Click on our "​create certificate"​ request.
 +  * Read request and then click on green **Accept** button.
 +  * (As you can see in the picture below, Jack Approver does not have enough permission to get information on admin.)
 +
 +{{ :​tutorial:​adm:​ca_approve.png |}}
 +
 +And now log back in as an admin and you can continue with [[tutorial:​adm:​modules_crt|certificates module]] tutorial.
 +
 +<note tip>A process of renewing or revoke of certificates is approved automatically. Because especially in revoke situation user want to revoke certificate immediately.</​note>​
 +
 +===== Video Guide =====
 +[[https://​www.youtube.com/​watch?​v=E56huh9uNcA&​list=PLBeAQt3pe3EcdVE8QpCDEJcDsi_jtNQUb&​index=8|How to create certificate]] - czech language