# Automated Production Process Concept

This document provides an onboarding guide and an overview of the Automated Production Process for the Ability PKI workflow. The main idea is that the Factory commissions a Proxy server that talks to the devices being manufactured to load software and broker certificate enrollment, and that maintains a secure connection to the management APIs and the CA Server.

# Production Line Setup

Onboarding workflow

The onboarding process is a one-time process, and it consists of 7 steps:

# Requestor approval

  1. The Business Leader sends the approval request to PKI Admin.

  2. Cyber Security grants or denies user approval to request certificates.

# Business Line profile establishment

  1. The Business Leader sends a profile request to the Ability PKI Admin (via ServiceNow).

  2. Cyber Security checks user authority against the database and approves or denies the request.

  3. PKI Admin configures the profile in Ability PKI.

  4. PKI Admin onboards the profile with production and revocation admin in Certificate Management Service (CMS).

  5. PKI Admin sends the SCEP URL, sub-account name and certificate profile name to the Business Leader via email.

# Factory Proxy Setup


Before the production process can start, the business needs to register itself within the Factory Proxy. The following articles guide you through the steps necessary to complete Factory Proxy registration:

# Enrollment

Enrollment diagram

Once the business line is properly established and registered within the Factory Proxy, enrollment starts. This part of the process is recurring and is repeated as many times as needed.

Enrollment consists of 7 steps, but steps 3-7 are fully automated (if the Factory Proxy registration was completed).

# Preparation for Production

  1. Factory Proxy requests a unique Device ID and Enrollment Code (EC) from Certificate Management Service (CMS).

  2. CMS authenticates the Factory Proxy and provides the Device ID and EC.

# Certificate Signing Process

  1. Factory Proxy provides the ID/EC to the Business Module.

  2. Business Module configures the ID/EC in the device and retrieves the Certificate Signing Request (CSR). The CSR is then sent to the Factory Proxy.

  3. Factory Proxy uploads CSR either to CMS.

  4. Factory Proxy downloads the signed certificate and sends it to the Module.

  5. Module configures the certificate in the Device.
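
The five steps above can be rehearsed locally with `openssl`; this is an added example, not Ability PKI or Factory Proxy code. It assumes a throwaway CA standing in for CMS, constructed Device ID and EC values, the Device ID as the CSR common name, and the EC carried in the PKCS#10 `challengePassword` attribute. The CSR check at the proxy and the certificate check at the module are additions for illustration.

```shell
#!/bin/sh
# Added example: local stand-ins for the device, Factory Proxy and CMS.
# ASSUMPTIONS: file names, ID/EC values, CN = Device ID, EC in challengePassword.
set -eu
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT   # scratch dir, removed on exit
DEVICE_ID="DEV-0001"                      # constructed; CMS assigns the real one
EC="constructed-ec-4f2a9c"                # constructed Enrollment Code
cat > "$W/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
attributes = attrs
[dn]
CN = $DEVICE_ID
[attrs]
challengePassword = $EC
[ca_ext]
basicConstraints = critical,CA:TRUE
EOF
# Stand-in for the CA behind CMS: a throwaway self-signed root.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$W/req.cnf" \
    -extensions ca_ext -subj "/CN=Demo Factory CA" \
    -keyout "$W/ca.key" -out "$W/ca.crt" 2>/dev/null
}
# Device (step 2): the key pair is generated on the device; only the CSR leaves it.
device_csr() {
  openssl req -new -newkey rsa:2048 -nodes -config "$W/req.cnf" \
    -keyout "$W/device.key" -out "$W/device.csr" 2>/dev/null
}
# Factory Proxy (step 3): before upload, check proof of possession and subject.
proxy_check_csr() {   # $1 = expected Device ID
  openssl req -in "$W/device.csr" -noout -verify 2>&1 | grep -q "verify OK" &&
  openssl req -in "$W/device.csr" -noout -subject | grep -q "CN *= *$1\$"
}
# CMS stand-in (steps 3-4): sign only if the CSR carries the issued EC.
cms_sign() {          # $1 = EC issued for this Device ID
  openssl req -in "$W/device.csr" -noout -text | grep -q "challengePassword *:$1\$" &&
  openssl x509 -req -in "$W/device.csr" -CA "$W/ca.crt" -CAkey "$W/ca.key" \
    -CAcreateserial -days 1 -out "$W/device.crt" 2>/dev/null
}
# Module (step 5): accept only a cert that chains to the CA and binds the device key.
module_accept() {
  openssl verify -CAfile "$W/ca.crt" "$W/device.crt" >/dev/null 2>&1 &&
  [ "$(openssl x509 -in "$W/device.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$W/device.key" -pubout)" ]
}
make_ca && device_csr && proxy_check_csr "$DEVICE_ID" && cms_sign "$EC" &&
  module_accept && echo "enrolled $DEVICE_ID"
```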

NOTE

Divisions can request additional certificate profiles for different device types. Also, there can be multiple factories and proxies per certificate profile. Finally, the certificate enrollment process itself repeats for every device manufactured.

Last updated: 1/10/2022, 11:05:26 AM