# Certificate Manager Portal

The Certificate Manager Portal is a web application that enables three different administrator personas to perform various operations on Certificate Manager APIs. The user interface adjusts dynamically to the logged-in user's permissions and presents the API functionality as user-friendly visual forms. This user manual covers the application basics, an overview of the user interface, and the knowledge required for the available workflows.

The Certificate Manager Portal enables three different administrator personas to carry out various administrator operations:

  • Production Admin: List Certificate Profiles and manage Factory Proxies
  • Ability PKI Admin: Manage Certificate Profiles and Ability PKI (Issuing CA)
  • Revocation Admin: Retrieve Certificate details and revoke the Certificate

# Authentication

The first screen that appears requires users to authenticate with their Azure Active Directory credentials. Access to the application is reserved for authenticated Azure Active Directory users who hold at least one of these roles (roles can be combined, and a user can hold all of them): PKI Admin, Production Admin, or Revocation Admin. The roles are defined outside of the Certificate Manager Portal by mapping AAD users to specific access groups in Azure Active Directory.

login-page.png

# Production Admin User Interface

# Overview

The application is divided into three main sections:

User Interface Overview Screen

  • Navigation tabs (1): allow switching between the Dashboard, Certificate Profiles, Certificates, and Factory proxies sections.

  • User section (2): provides access to personal notifications, account details, and the logout option.

  • Content (3): area presenting the data related to the active tab.

# Dashboard tab

The dashboard is a default overview screen that can be treated as an application home page. It contains high-level information about manageable assets (e.g., Certificate profiles, Device certificates, and Factory proxies) and can be an easy starting point for navigating through concrete application sections.

dashboard.png

As a Production Admin you have access to three components:

  • Certificate Profiles
  • Device certificates
  • Factory proxies

# Certificate profiles

dashboard.png

This section covers managing Certificate Profiles. A user can list the Certificate Profiles available to authorized users. Certificate Type indicates whether the request is for LDEVID or IDEVID, and CM Platform indicates the platform; refer to the table below.

dashboard.png

# Device certificates

dashboard.png

This section enables users to list certificate details, i.e., to retrieve certificate details by providing a device ID.

# Factory Proxies

dashboard.png

This section is dedicated to Factory Proxy management; here a user can list, create, update, and delete Factory Proxies. The profileId field includes Enrollment and Certificate_IDEVID details, where Enrollment refers to the MPKI profileId and Certificate_IDEVID refers to the DC1 platform.

# Create Factory Proxy

To create a factory proxy, fill in the required details in the Details window. Refer to the sample image below:

dashboard.png

The ProfileId field accepts at most 2 profiles at a time, and the two must not be identical. If one is an IDEVID profile, the other must be an LDEVID profile.

# Ability PKI Admin User Interface

# Overview

The application is divided into three main sections:

User Interface Overview Screen

  • Navigation tabs (1): allow switching between the Dashboard, Certificate Profiles, Certificates, and Factory proxies sections.

  • User section (2): provides access to personal notifications, account details, and the logout option.

  • Content (3): area presenting the data related to the active tab.

# Dashboard tab

The dashboard is a default overview screen that can be treated as an application home page. It contains high-level information about manageable assets (e.g., Certificate profiles, Digicert and Device certificates) and can be an easy starting point for navigating through concrete application sections.

dashboard.png

As an Ability PKI Admin you have access to three components:

  • Certificate Profiles
  • Digicert
  • Device certificates

# Certificate profiles

dashboard.png

This section covers managing Certificate Profiles. A user can list the Certificate Profiles available to authorized users. Certificate Type indicates whether the request is for LDEVID or IDEVID, and CM Platform indicates the platform; refer to the table below.

pki-functionality.png

# Create Certificate Profiles for LDevId

LDEVID-certificate.png

This section covers the details of certificate profile creation for the LDEVID platform.

# Create Certificate Profiles for IDevId

LDEVID-certificate.png

This section covers the details of certificate profile creation for the IDEVID platform.

# Digicert

digicert.png

CAPlatform in this case can be either MPKI or DC1. Along with DigicertKey, one of the two should be selected.

# Device certificates

device-certificate.png

This section enables users to list certificate details, i.e., to retrieve certificate details by providing a device ID.

# Revocation Admin role

  1. Revocation Admin and PKI Admin roles are provided only to the PKI Team.
  2. Revocation Admin can retrieve Certificate details by providing a Device Id and revoke the Certificate, providing a reason for the revocation selected from the available options.
  3. Although this is a separate role from a system's perspective (giving the permissions described in the previous step), the business use case assumes that the Revocation Admin role will be only assigned to users that are PKI Admins (extending their capabilities, as system Roles can be combined).
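
The role rules in this manual can be checked mechanically against an export of role assignments. The following is an added example, not code from the Certificate Manager Portal: the operation labels, function names, sample users, and the PKI Team membership set are constructed, and how assignments are exported from Azure Active Directory is left out.

```python
PKI, PRODUCTION, REVOCATION = "PKI Admin", "Production Admin", "Revocation Admin"

# Operation labels are constructed from the manual's role descriptions.
ROLE_OPERATIONS = {
    PRODUCTION: {"list_certificate_profiles", "retrieve_certificate_details",
                 "manage_factory_proxies"},
    PKI: {"manage_certificate_profiles", "manage_issuing_ca",
          "retrieve_certificate_details"},
    REVOCATION: {"retrieve_certificate_details", "revoke_certificate"},
}

def effective_operations(roles):
    """Union of operations over recognized roles; unknown roles grant nothing."""
    ops = set()
    for role in roles:
        ops |= ROLE_OPERATIONS.get(role, set())
    return ops

def can_access_portal(roles):
    """The portal requires at least one of the three roles."""
    return any(role in ROLE_OPERATIONS for role in roles)

def audit_assignments(assignments, pki_team):
    """Return (user, finding) pairs for assignments that break the stated rules."""
    findings = []
    for user, roles in sorted(assignments.items()):
        roles = set(roles)
        if not can_access_portal(roles):
            findings.append((user, "no portal role, access must be denied"))
        if REVOCATION in roles and PKI not in roles:
            findings.append((user, "Revocation Admin without PKI Admin"))
        if roles & {PKI, REVOCATION} and user not in pki_team:
            findings.append((user, "PKI Team role held outside the PKI Team"))
    return findings

# Constructed sample data, not real accounts.
SAMPLE_ASSIGNMENTS = {
    "alice": [PKI, REVOCATION],
    "bob": [PRODUCTION],
    "carol": [REVOCATION],
    "dave": ["Reader"],
}
SAMPLE_PKI_TEAM = {"alice"}

if __name__ == "__main__":
    for user, finding in audit_assignments(SAMPLE_ASSIGNMENTS, SAMPLE_PKI_TEAM):
        print(f"{user}: {finding}")
```
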
Last updated: 3/2/2023, 10:50:57 AM