Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This article describes the Administrator's workbench (AWB), which is a tool used by Certificate Manager (CM) officers (CMOs), who are responsible for the administration of the Certification Authority (CA).

Officers with appropriate roles are able to create, configure, and remove the various entities that make up a CA, such as:

  • Domains
  • Certificates
  • Keys
  • Policies
  • Officers

See Certificate Authority (CA) administration tasks for a list of the tasks that you can do using the AWB.


Expand
titleThe AWB user interface

The AWB user interface is an Explorer style browser where an entity can be selected and its information viewed. 

The main window presents:

  • a hierarchical view of the entities in the left-hand pane (explorer bar)
  • information about a selected entity or a system summary in the right-hand pane (information pane).

These are the CA administration entities:

Domain Hierarchy

Domains are hierarchical. The top domain is called Root. In general, officers can only manipulate objects that belong to their own domain or subdomain. Super objects can be used and viewed, but not modified, if they are marked as visible in subdomain. If an object does not have a domain association, it belongs to the Root and it can be referenced from all domains.Can be used to group, for example, geographically separated regions.

CA Hierarchy

The CA Hierarchy group provides access to all the CAs and secondary CAs of the system, displayed as hierarchical CA chains. The root of each CA chain is either a self-signed CA or a CA with an absent signer.

Key Registry

The Key Registry group provides access to the CA keys that have been created in the system, organized into three subgroups:

  • Not In Use - those not yet used in a CA.
  • In Use - those currently being used.
  • Retired - those no longer in use.
Policy

The Policy group provides access to the procedures, rules, and formats used for issuing tokens and end-user certificates with the CAs. There are several organizational subgroups:

  • Token, Certificate, Attribute certificate, Key, Publication, CIL and CRL procedures
  • Distribution rules
  • Certificate, Attribute certificate, Key procedure, Publication, CIL and CRL formats
Officer Profiles

The Officer Profiles group provides access to the officer roles created for the system. Officers are assigned roles, which allow them to perform various tasks. Roles are defined in officer profiles and one officer profile has to be selected for each officer created.

Officers The Officers group provides access to the officers created for the system.
Audit 

Audit provides access to the audit logs. All significant actions performed by or within the system are logged. Unlike the other groups, all information presented here is strictly read-only. There are no organizational subgroups, only two static entities: CIS log and Request log.

Repository

Selected entities from the other groups may be organized in folders in the same way as files are organized in a hierarchical file system. This can be useful for collecting all information relevant to a particular CA in a single folder.


Note

The names of the entities shown in the explorer bar are user-defined. It is recommended to use a logical naming convention.