# Manual Production Process Concept

This document provides an overview of the Device Certificate Lifecycle and the manual certificate enrollment process used by the Division to request certificates for devices.

# Production Line Setup

Onboarding workflow

Onboarding is a one-time process that consists of 6 steps:

# Requestor approval

  1. The Business Leader sends an onboarding request to Ability PKI Admin (via Service Now).

  2. The Cyber Security team grants or denies user approval to request certificates.

# Business Line profile establishment

  1. The Business Leader sends a profile request to Ability PKI Admin via Service Now (including the necessary details, e.g. product and quantity).

  2. The Cyber Security team checks the user's authority against the database and approves or denies the request.

  3. PKI Admin configures the profile in Ability PKI.

  4. PKI Admin sends the SCEP URL, sub-account name and certificate profile name to the Business Leader via email.

# Enrollment

Enrollment (manual)

Once the business line is established and has been granted the necessary permissions, enrollment starts. This part of the process is a recurring sequence of actions and is repeated as many times as needed.

  1. Business Leader generates UID/common names for each device using the GIG Service or a local solution.

  2. Business Leader generates an enrollment code for each device UID/common name.

  3. Business Leader sends the device UID/common names and enrollment codes (CSV file) via Service Now to PKI Admin.

  4. PKI Admin registers the CSV (UID/common names and enrollment codes) in the PKI back end.

  5. A pass/fail notification is sent to the Business Leader via email.
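Steps 1 to 3 on the Business Leader side, as an added example that is not part of the original page or of Ability PKI tooling: it pairs each device UID/common name with a unique enrollment code from the OS CSPRNG and renders the CSV. The column names, code length, alphabet and sample UIDs are assumptions, since the page does not specify the CSV layout or code format.

```python
import csv
import io
import secrets
import string

# Assumed alphabet: uppercase letters and digits minus look-alikes (O, 0, I, 1),
# leaving 32 symbols. The page does not specify an enrollment code format.
ALPHABET = "".join(c for c in string.ascii_uppercase + string.digits if c not in "O0I1")
CODE_LENGTH = 20  # assumption: 20 symbols x 5 bits = 100 bits of entropy


def generate_enrollment_code(length=CODE_LENGTH):
    """Return one enrollment code drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def build_enrollment_rows(common_names):
    """Pair each device UID/common name with a unique enrollment code."""
    rows, seen_names, seen_codes = [], set(), set()
    for raw in common_names:
        name = raw.strip()
        # Reject empty names and spreadsheet-formula prefixes before they reach the CSV.
        if not name or name[0] in "=+-@":
            raise ValueError(f"unsafe or empty common name: {raw!r}")
        if name in seen_names:
            raise ValueError(f"duplicate common name: {name}")
        code = generate_enrollment_code()
        while code in seen_codes:  # collision is negligible, but cheap to rule out
            code = generate_enrollment_code()
        seen_names.add(name)
        seen_codes.add(code)
        rows.append((name, code))
    return rows


def to_csv(rows):
    """Render rows as CSV text with an assumed two-column header."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["common_name", "enrollment_code"])  # assumed header
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    sample_uids = ["DEV-000001", "DEV-000002", "DEV-000003"]  # constructed sample
    print(to_csv(build_enrollment_rows(sample_uids)))
```

The resulting file holds live enrollment secrets until each device has enrolled, so it is handled like any other credential material.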

Last updated: 1/10/2022, 11:05:26 AM