
The Administrator's workbench (AWB)

...

The first time you try to connect to a CM, you have to set up a connection between an AWB client and a CM host. This is described in Connect to a CM host.

Officers with appropriate roles are able to create, configure, and remove the various entities that make up a CA, such as:

  • Domains
  • Certificates
  • Keys
  • Policies
  • Officers

See Tasks during Certificate Authority administration for a list of the tasks that you can do using the AWB.

...

The AWB user interface

The AWB user interface is an Explorer-style browser where an entity can be selected and its information viewed.

...

The main window presents:

  • a hierarchical view of the entities in the left-hand pane (explorer bar)
  • information about a selected entity or a system summary in the right-hand pane (information pane)

The information displayed in the information pane depends on the type of entity selected in the explorer bar.

Typical information displayed for a CA includes:

  • the creation and validity dates
  • its status
  • the key used
  • the certificate and the certificate format
  • the CA role
  • distribution rules used and its issuing chain.

The system summary for an entity group can include:

  • the number of issued, published and revoked end-user certificates
  • the expiry dates of the system SSL certificate and the license
  • the expiry dates of CAs that expire within 30 days (or the configured number of days)
  • the expiry dates of the next five officer certificates
  • an overview of the entities in the system
  • an overview of the key encryption keys (KEKs) and archived keys.

You can select entities displayed in the information pane and perform actions on them using commands in the menu bar, toolbar or shortcut menus.

These are the CA administration entities:

...

Domains can be used to group, for example, geographically separated regions. The top domain is called Root. In general, officers can only manipulate objects that belong to their own domain or sub domain. Super objects can be used and viewed, but not modified, if they are marked as visible in sub domain. If an object does not have a domain association, it belongs to the Root and it can be referenced from all domains.

...

The CA Hierarchy group provides access to all the CA certificates known to Certificate Manager including external CA certificates, displayed as hierarchical CA chains. The root of each CA chain is either a self-signed CA or a CA with an absent signer.

...

The Key Registry group provides access to the CA keys that have been created in the system, organized into three subgroups:

  • Not In Use - those not yet used in a CA.
  • In Use - those currently being used.
  • Retired - those no longer in use.

...

The Policy group provides access to the procedures, rules, and formats used for issuing tokens and end-user certificates with the CAs. There are several organizational subgroups:

  • Token, Certificate, Attribute certificate, Key, Publication, CIL and CRL procedures
  • Distribution rules
  • Certificate, Attribute certificate, Key procedure, Publication, CIL and CRL formats

...

The Officer Profiles group provides access to the officer profiles created for the system. Officers are assigned roles, which allow them to perform various tasks. Roles are defined in officer profiles and one officer profile has to be selected for each officer created.

...

Audit provides access to the audit logs. All significant actions performed by or within the system are logged. Unlike the other groups, all information presented here is strictly read-only. There are no organizational subgroups, only two static entities: CIS log and Request log.

...

Selected entities from the other groups may be organized in folders in the same way as files are organized in a hierarchical file system. This can be useful for collecting all information relevant to a particular CA in a single folder.

Note

The names of the entities shown in the explorer bar are user-defined. It is recommended to use a logical naming convention.

Work with multiple tasks

You can work in parallel with different tasks in AWB. To start a new instance of AWB:

  1. Right-click in the explorer bar of an open AWB window.
    1. Each open instance will be represented by a button in the taskbar.
    2. Each instance is a running application that can be terminated without affecting the other instances.
    3. The button name will be Administrator's Workbench as long as no item has been selected in the explorer bar.
    4. When an item is selected, the button in the taskbar will change name to reflect the name of that item.
    5. When a task is initiated in AWB, e.g., Create Key Request, a dialog box is opened, which is represented by a button on the taskbar.
    6. You can also switch between active items using Alt+Tab.

Related information

...

 is used by administration officers for setting up CA-unique configurations. 

Tasks done in AWB

Instructions for all tasks that are done in the AWB can be found here: 

More information
