Accumulative Approval Workflow

The ACCUMULATIVE approval workflow is described in the following steps:

Introduction

EJBCA Approvals

Slide Deck: EJBCA Approvals

Overview: The ACCUMULATIVE workflow shown here is the simplest of the two workflows. This type of workflow allows you to set up more than 1 person to approve a certificate operation.

In this lab, you will create an Accumulative workflow, and obtain "sign off" on the creation of a certificate from two administrators.

Slide Reference

Accumulative Approval Workflow Steps

Add the Approval Profile

Reminder you can visit the Accessing Your Environment page for details on how to connect to your Admin web portal

To add the approval profile:

1. Open a browser and access your Admin Web Portal. Ensure you are logged in as the SuperAdmin

2. Click Supervision Functions >> Approval Profiles

3. In the Name field, enter the value Approval Profile

4. Click Add

Edit the Profiles

To edit the profiles:

1. Open a browser and access your Admin Web Portal. Ensure you are logged in as the SuperAdmin

2. Click CA Functions >> Certificate Profiles

3. For the ApprovalCertificateProfile click Edit

4. Under the Approval Settings section, in the Add/Edit End Entity list, select Approval Profile

5. In the Available CAs list, select Sub CA

6. Click Save

Reminder you can visit the Accessing Your Environment page for details on how to connect to your RA web portal

Add End Entity

To add an end entity:

1. Open a browser and click RA Web, from the ribbon menu across the top of page

2. Click Enroll >> Make New Request

3. In the Certificate Type drop-down list, select ApprovalEndEntityProfile

4. In the Key-pair generation selection, select By the CA

5. In the CN, Common name field, enter training_Approval

6. In the Username field, enter training_Approval

7. In the Enrollment code field, enter foo123

8. In the Confirm enrollment code field, enter foo123

9. Click Confirm request

10. Close the browser

Approve End Entity

To log in as different administrators open a NEW PRIVATE Window in Firefox, or the browser you are working with.  A private window allows you to login as a different user from the main browser window.  To login using a PRIVATE window in Firefox, select New Private window from the “Burger menu” - upper right corner in Firefox. See the “Accessing your Environment” page for more details on launching a PRIVATE window and logging into RA Web.

To approve the end entity:

1. Open a browser and click RA Web, from the ribbon menu across the top of page.
   Ensure you are logged in as the Training CA Administrator

2. Click Manage Requests

3. For the request with the name training_Approval, click enter Review

4. Review the request and click Approve

5. Close the browser

Issue Approved End Entity Certificate

To issue certificate to the approved end entity:

To review the request you can click Manage Requests and then the Processed tab. Click Review to get more details about the request. After reviewing you may issue the certificate using the procedure outlined below.

1. Open a browser and click RA Web, from the ribbon menu across the top of page.
   Ensure you are logged in as the SuperAdmin

2. In the Enroll menu, click Use Username

3. In the Username field, enter training_Approval

4. In the Enrollment code field, enter foo123

5. Click Check

6. Click Download PKCS#12

7. Save the file