emSign is a brand, a business unit of eMudhra for providing certificate services under eMudhra's own root certificates. eMudhra is a leading Certifying Authority (CA) that specializes in providing digital certificate solutions to secure online communications and transactions. With a strong reputation for trustworthiness, reliability, and security, eMudhra has become a trusted name in the field of digital certificates.

Trust is the backbone of every secure digital interaction—whether you’re making an online purchase, signing a contract electronically, or sending confidential data. In the context of Public Key Infrastructure (PKI), “trust” refers to the confidence placed in a Certificate Authority (CA) to accurately verify identities and issue digital certificates that prove the legitimacy of websites, applications, documents, and other online entities. This confidence is shared across browsers, operating systems, and software applications worldwide, ensuring that any certificate issued by a reputable CA is recognised as trustworthy.

The Role of emSign as a Global CA

As a global CA, emSign’s primary responsibility is to maintain and strengthen this trust through stringent validation processes, robust security practices, and ongoing compliance with industry standards such as the CA/Browser Forum Baseline Requirements and WebTrust/ETSI audits. When emSign issues a digital certificate, the recipient gains the advantage of a verifiable chain of trust that links the certificate back to emSign’s root certificate embedded in trusted root stores. These root stores are curated by browsers, operating systems, and device manufacturers, ensuring that any certificate stemming from emSign is automatically accepted by end users’ systems around the globe.

How emSign Earns and Maintains Your Trust?

1. Rigorous Validation: We follow proven validation procedures to confirm the identity of individuals and organizations before issuing certificates, reducing the risk of fraud and impersonation.

2. Global Compliance: Our accreditation in multiple jurisdictions ensures that emSign certificates meet the highest international standards, making them globally accepted and recognized.

3. Secure Infrastructure: We employ advanced cryptographic measures and maintain secure data centers to protect certificate issuance processes and private keys.

4. Continuous Monitoring: Ongoing audits and certificate transparency practices help detect unauthorized or misissued certificates early, safeguarding both certificate owners and end users.

5. Transparent Revocation: If a certificate is compromised or invalid, we swiftly revoke it and update revocation lists to prevent misuse.

Together, these measures strengthen the digital ecosystem and foster an environment where individuals, businesses, and governments can confidently conduct secure online transactions. At emSign, we’re committed to upholding the highest standards of trust-so you can operate in a safe, authenticated digital space every single day.

emSign is a brand and a business unit of eMudhra, providing certificate services under eMudhra's own root certificates. eMudhra, a leading Certifying Authority (CA), specializes in delivering digital certificate solutions to secure online communications and transactions. Renowned for its trustworthiness, reliability, and security, eMudhra has established itself as a trusted name in the field of digital certificates.

As a first CA from India to get globally accredited, emSign holds a unique position among a select few companies worldwide. emSign plays a critical role in fostering trust in the digital landscape by issuing digital certificates that act as electronic credentials, verifying the identity of entities engaged in online communications, such as websites, email servers, and software applications. emSign certificates are used globally by businesses, governments, and organizations to secure their online presence, protect sensitive information, and authenticate identities.

emSign offers a comprehensive range of digital certificate solutions to address diverse security needs. These include SSL/TLS certificates for securing websites with robust encryption, code signing certificates for authenticating software applications, document signing certificates for securing digital documents, and email certificates for encrypting email communication. Additionally, emSign provides managed PKI solutions for organizations requiring extensive certificate management within their complex environments. Our certificates are widely adopted with thousands of companies worldwide relying on them.

Beyond its technical expertise, emSign is recognised for its exceptional customer support. The company offers 24/7 customer assistance through various channels, including email and phone, helping customers with everything from certificate issuance to installation and beyond. emSign also provides a user-friendly certificate management platform, enabling customers to easily manage and monitor their certificates.

emSign is a Certifying Authority that has built a strong reputation for trust, reliability, and security in the digital world. Through its rigorous validation process, innovative solutions, robust security measures, and outstanding customer support, emSign plays a pivotal role in securing online communications and transactions, helping businesses and organizations establish trust in the digital realm.

• Domain Validation - Single Domain: Safeguard your website with our Domain Validation (DV) SSL certificate, delivering a secure and encrypted browsing experience for your visitors.

• Domain Validation - Single Wildcard Domain: Wildcard certificates eliminate the need to purchase separate SSL products for each subdomain. With a single wildcard certificate, you can secure unlimited subdomains saving both time and costs.

• Domain Validation - Multi-Domain: Our Multi-Domain SSL Certificates are highly versatile and cost-effective. They secure multiple domains under a single SSL installation, offering simplicity and reduced expense. Also known as Subject Alternative Name (SAN) Certificates or Unified Communication Certificates (UCC), these are the optimal choice for organizations managing several domains.

• Domain Validation - Multi-Domain Wildcard: Multi-Domain Wildcard certificates extend the flexibility of SAN SSL certificates by allowing the use of wildcard domains. This powerful combination enables organizations to secure multiple primary and subdomains under a single SSL installation, reducing complexity and cost.

• Organization Validation - Single Domain: Establish trust with an Organization Validation (OV) SSL Certificate which verifies the authenticity of your organization and providing secure browsing experience for your visitors.

• Organization Validation - Single Wildcard Domain: Wildcard certificates for OV domains simplify certificate management by securing unlimited subdomains with a single certificate, reducing the need for multiple installations and minimizing operational overhead.

• Organization Validation - Multi-Domain: OV Multi-Domain SSL Certificates offer the same versatility as SAN SSL certificates but with the added assurance of organization-level validation. They are also called Subject Alternative Name Certificates (SAN SSL) or Unified Communication Certificates (UCC SSL). These certificates streamline the process of securing multiple domains with a single installation, ensuring both trust and efficiency.

• Organization Validation - Multi-Domain Wildcard: Multi-Domain Wildcard certificates combine the power of multi-domain management with wildcard functionality, providing seamless protection for both primary and subdomains. With a single OV Multi-Domain Wildcard certificate, organizations can secure their entire domain structure while optimizing costs.

• Extended Validation - Single Domain: For the highest level of trust, our Extended Validation (EV) SSL Certificate highlights your website authenticity by displaying the organization’s name in the browser address bar, reinforcing credibility and building customer confidence.

• Extended Validation - Multi-Domain: EV Multi-Domain SSL Certificates offer robust security and validation for organizations managing multiple domains. These are also called Subject Alternative Name Certificates (SAN SSL) or Unified Communication Certificates (UCC SSL). These certificates simplify management and reduce costs while providing the assurance of the highest.

In an interconnected world, security underpins the trust and reliability of digital communications. Ensuring that your data, transactions, and interactions remain confidential and tamper-proof is pivotal to conducting business online. For Certificate Authorities (CAs), this means following strict protocols and safeguarding the entire certificate issuance process so that end users and organizations can operate in an environment free from the risks of fraud, impersonation, and cyberattacks.

emSign’s primary focus is to enable secure digital experiences by issuing high-assurance certificates. These certificates verify the identities of individuals, organizations, and even machines, ensuring that each entity is who it claims to be. eMudhra is committed to maintaining the highest standards of security and compliance to meet the evolving needs of our clients. We are compliant with industry-leading frameworks, which include:

• WebTrust for CAs (Certificate Authorities):

  The audit checks if the CA's operations meet the standards set forth in its Certificate Policy and Certification Practice Statement. This is crucial for ensuring the security of digital certificates, which are used for encrypting communications and verifying identities online.

• ISO 9001 (Quality Management System):

  ISO 9001 is a globally recognized standard for managing quality in organizations. This helps organizations demonstrate their commitment to delivering high-quality products and services.

• CMMI Maturity Level 5 (Continuous Improvement):

  This refers to a high level of organizational maturity where processes are continually improved based on data-driven insights. At Level 5, organizations use a quantitative approach to understand business performance and the variation in processes. This enables them to make informed decisions that lead to continuous enhancements in their operations.

• SOC 2 Type II Compliant:

  SOC 2 Type II is an audit report that evaluates an organization's internal controls related to the AICPA Trust Service Criteria. These criteria cover five key areas: security, availability, processing integrity, confidentiality, and privacy of data. is important for service providers that handle sensitive data to demonstrate they maintain strong security and privacy practices.

• GDPR Compliant (General Data Protection Regulation):

  GDPR compliance refers to an organization's adherence to the General Data Protection Regulation, a legal framework designed to protect personal data of individuals in the EU. Organizations must meet specific obligations regarding how they collect, store, and process personal data, ensuring data privacy and security.

CERTInext platform provides seamless access to wide range of features designed to streamline certificate management and enhance digital security. Access CERTInext portal here

• Dashboard: Gain real-time insights through comprehensive dashboard, offering key statistics such as account status, pending domain and organization approvals, certificate status, and expiring certificates. The dashboard also provides detailed reports on bot performance, endpoint security, and key management statistics, all displayed through intuitive charts.

• Certificates: Manage your SSL/TLS certificates, request new ones, and monitor expiration dates to ensure continuous protection.

  • Discover Certificates: Locate and review all certificates across your infrastructure, irrespective of the issuing authority.

  • Orders: Track and manage your certificate orders.

  • Products: Create and manage product categories for streamlined certificate issuance.

  • Organizations: Pre-verify organizations to enable faster certificate issuance without the need for repeated validations.

  • Domains: Pre-verify domains to expedite certificate issuance.

  • Certificate Authorities: Manage trusted CAs and configure policies for certificate issuance.

  • CSR Templates: Create and manage Certificate Signing Request (CSR) templates for consistent application.

  • Configuration Templates: Create and maintain certificate configuration templates for operation efficiency.

  • Bots: Configure and manage automated Bots for certificate discovery and monitoring ensuring visibility across networks.

• Keys: Manage the entire lifecycle of cryptographic keys, including generation, storage, and profiling.

  • Manage Keys: Store and organize cryptographic keys systematically.

  • Key Profiles: Define and apply key profiles for consistent cryptographic operations.

  • Key Store: Securely store and manage cryptographic keys.

• APIs: Access and configure API integrations with the platform.

  • REST APIs: Generate API keys for efficient certificate management.

  • ACME APIs: Automate SSL/TLS certificate issuance through ACME protocols.

• Billing & Payments: Manage your account credits, payments, and invoices.

  • Add Credits: Recharge account credits through online or offline payment modes.

  • Invoices: View, manage and download invoices related to your purchases.

  • Statement: Access detailed financial statements to monitor account activity.

  • Product Price List: Review and manage product pricing to align with business needs.

• Reports: Access various reports related to orders, certificates, and usage.

  • Orders Report: Generate detailed reports on certificate orders.

  • Overall Statistics: Access a platform wide summary of critical metrics and statistics.

  • Certificates Report: Monitor the status and details of all certificates managed on the platform.

  • Key Store Report: Analyze Key storage data and the status of your key stores.

  • Key Report: Track key usage, rotation status and operational health.

  • Sales Summary: Review sales data to monitor performance.

  • Audit Logs: Maintain audit trails of platform activities to ensure compliance and transparency.

• Settings: Configure platform settings, user access, and security rules.

  • Account Configuration: Manage account settings, authentication options and account configurations.

  • Custom Fields: Add or modify custom fields to capture additional data for certificates, organizations and so on.

  • IP Restrictions: Enforce IP restriction to enhance security by limiting platform access.

  • Users: Control user roles and permissions across the organization.

  • Groups: Create and manage user groups with roles such as Administrator, Manager/s and Basic User.

  • Manage Schedules: Set up automated task schedules for certificate issuance, renewal and monitoring.

  • Reporting Tags: Create reporting tags to facilitate better filtering and data analysis.

• CA Connectors: Integrate seamlessly with multiple CA services for managing private or public SSL/TLS certificates.

• Tools: Access a suite of tools and utilities available to enhance workflows and optimize operations.

Reseller / Enterprise Sign up & Sign in flow

In this section

• Enterprise Sign up

• Reseller Sign up

• Multi-account Association

• Alerts and Notifications

Enterprise Accounts

Ideal for: Large organizations and enterprises managing their own certificate infrastructure.

Enterprise accounts provide many of the same capabilities as reseller accounts, with a few limitations to align with internal enterprise needs. Key features include:

• Full Portal Access: Manage certificates, users, domains, and organizations directly through the portal.

• Group and Fund Management: Create, edit, and manage groups, and allocate funds to streamline operations.

• Organization & Domain Management: Pre-verify and manage domains and organizations for faster certificate issuance.

• API Integrations: Access REST and ACME APIs to generate and manage their own keys.

• Certificate Management: Issue and monitor certificates, with built-in tools to track expiring certificates.

• Finance & Billing Management: View financial reports, manage account funds, and update billing information.

• Private CA Management: Create and manage private CAs and develop customized products for internal use.

• Reports & Tools: Utilize the reporting features and tools available on the platform.

• Profile and Notifications: Manage profile information and receive alerts related to self-orders and associated group activities.

Limitations:

Enterprise accounts do not have access to sub-account creation or price list management for sub-accounts.

Navigating to the Sign-Up Page: Open the URL https://www.hub.emsign.com and click on “Sign Up” button

Upon clicking the "Sign Up" link on the home screen, users are redirected to the "Sign up as an Enterprise" page.

Entering User Information:

Users are required to fill in the following details:

• Your Name

• Your Email Address

• Mobile Number

• Organization Name

• Country (select from the dropdown menu)

Note: The Mobile Number field is visible only for users in India, based on IP detection. It is mandatory for enterprise sign-ups.

Accepting Terms and Conditions:

• Users must accept the terms and conditions by selecting the checkbox.

• Click the "Sign Up" button to proceed.

Acknowledgement and Account Activation:

• Upon clicking the "Sign Up" button, a thank you message will appear on the screen, confirming the sign-up request.

• An account activation email will be sent to the registered email ID.

Activating the Account:

• Users must click the activation link in the email to proceed to the "Activate Your Account" page.

Setting a Password:

• On the "Activate Your Account" page, users will be prompted to set a password following the system-provided instructions.

Password Generation and Update:

• After entering the password, click the "Generate Password" button to complete the process.

• The password will be successfully updated, and the account will be ready for use.

Incorrect Login Attempts

• If the account User enters the wrong/invalid password, the System will notify the account user with an alert message as shown below.

• On entering the wrong/invalid password repeated times, the respective account will be blocked.

• The user will get an Email on the same & also a login blocked notification will be displayed on the screen itself.

• Account user can unblock the account by contacting the emSign Hub account manager.

Ideal for: Customers using the online platform for personal or business certificate needs.

Retail accounts provide similar functionality to enterprise accounts, giving users access to the following:

• Portal Access: Manage certificates, domains, and organizations through a user-friendly interface.

• API Integration: Utilize REST and ACME APIs for key management.

• Group and User Management: Create groups and manage users within their account.

• Billing and Finance Management: Manage billing details, access invoices, and view financial reports.

• Private CA and Product Management: Create private CAs and develop customized products for internal use.

• Reports and Tools: Generate reports and access platform tools for improved management.

• Notifications: Receive alerts regarding expiring certificates and pending orders.

A root store is a repository of trusted root certificates used by operating systems, browsers, and other software applications to verify the authenticity of digital certificates. When a Certificate Authority (CA) is included in these root stores, any certificate they issue will be trusted by default on devices and browsers that use those stores. This is a cornerstone of Public Key Infrastructure (PKI), as it ensures that users and organizations can confidently navigate the internet, knowing that their digital connections and documents are backed by verified credentials.

As a global CA, emSign maintains its presence in multiple widely used root stores, ensuring that digital certificates issued by emSign are recognized and trusted by billions of devices worldwide. Below is an overview of emSign’s current root store inclusions and the significance of each program.

Major Root Store Programs

1. Microsoft Trusted Root Program

   • Scope: Covers Microsoft Windows operating systems (e.g., Windows 10, Windows 11, and their server equivalents) and Microsoft’s products like Internet Explorer and Edge.

   • Importance: Inclusion ensures that emSign certificates are trusted on all supported Windows environments by default, allowing seamless usage in enterprise networks and consumer devices.

2. Apple Root Certificate Program

   • Scope: Includes macOS, iOS, iPadOS, and Safari.

   • Importance: Being part of Apple’s trust store allows emSign’s certificates to function seamlessly across Apple desktops, laptops, and mobile devices, covering a vast user base in both consumer and business contexts.

3. Mozilla Root Store

   • Scope: Impacts Mozilla Firefox and derivative browsers or applications using Mozilla’s root store.

   • Importance: Firefox is a popular cross-platform browser, used extensively on Windows, macOS, Linux, and Android. Inclusion here ensures that emSign certificates work smoothly across diverse computing environments.

4. Android Root Store

   • Scope: Governs the vast Android ecosystem—smartphones, tablets, and other devices running Android OS.

   • Importance: With a significant share of the global mobile market, inclusion in the Android root store means that emSign certificates are trusted on devices from a wide array of manufacturers.

5. Java (Oracle) Root Store

   • Scope: The Java platform and applications that rely on Java’s default keystore (cacerts).

   • Importance: Many enterprise and server-side applications depend on Java’s trust store. Being included here ensures smooth integrations where Java-based applications must validate or use emSign-issued certificates.

6. Other Trusted Root Programs

   • Linux Distributions: Some popular distributions (e.g., Ubuntu, Red Hat, Fedora) maintain their own certificate bundles, often synchronized with Mozilla’s root store.

   • Third-Party Browsers: Many browsers base their trust store on existing programs (like Mozilla’s or Microsoft’s), effectively extending the coverage of emSign’s root certificates.

Note: The specific coverage and update cycles differ by platform; some devices or operating systems may require manual updates to trust the latest root CAs.

For more information on emSign's inclusion in specific root stores, feel free to check ccadb or reach out to our support team.

emSign is a global digital certificate provider and a business unit of eMudhra, a publicly listed, globally accredited Certifying Authority (CA) with over 16 years of expertise in operating CAs in large markets. emSign is headquartered in Salt Lake City, Utah and Bangalore, India

With offices in 10 countries and clients across 30+ nations, eMudhra delivers cutting-edge digital trust solutions to secure online communications and transactions.

Key Highlights:

1. Comprehensive Digital Certificate Offerings:

• SSL/TLS Certificates: Secure websites with robust encryption.

• Code Signing Certificates: Authenticate and protect software.

• Document Signing Certificates: Secure digital documents with legal electronic signatures.

• Email Certificates: Encrypt and authenticate communications.

• Managed PKI Solutions: Simplify certificate management for complex environments.

1. Proprietary Expertise:

• Innovator in Identity Management, PKI, and eSignature workflows.

• Solutions deployed in Fortune 500 companies, leading banks, and eGovernment programs worldwide.

1. Global Reach and Trust:

• Certificates trusted by thousands of businesses, governments, and organizations globally.

• Extensive experience in enabling secure communications, safeguarding sensitive data, and verifying digital identities.

1. Exceptional Customer Support:

• 24/7 assistance through multiple channels.

• Intuitive certificate management platform for seamless monitoring and control.

eMudhra’s leadership in digital security, supported by its innovative technology and unmatched reliability, empowers businesses and governments to establish trust in the digital landscape.

CERTInext is a unified platform that is part of emSign’s offerings for seamless digital certificate management, catering to enterprises, resellers, and individuals. It simplifies certificate lifecycle management with features like issuance, renewal, discovery, and monitoring. Key highlights include:

• Certificate Management: Real-time insights, automated lifecycle handling, and pre-validation for instant issuance.

• Automation & Integration: Supports ACME automation, REST APIs, and Bots for efficient large-scale operations.

• Enterprise Features: Private PKI, role-based access, detailed reporting, and departmental management.

• Security & Customization: MFA, Microsoft 365 SSO, IP restrictions, customizable profiles, and proactive alerts.

• User-Friendly Interface: Centralized dashboards, intuitive workflows, and multi-language support.

CERTInext is a trusted solution for managing both public and private trust certificates, ensuring security and efficiency for organizations globally.

Users

• By default, last 10 users be viewed as shown below.

• The list of users can be filtered & searched by Name. Click the "Search" button to apply the filter.

Create User to your account

To create a new user for your account:

• Click the "New User (+)" option to navigate to the Add User creation screen.

Fill in the following details

• Name

• Email

• Mobile Number

• Designation

• Employee ID

Group Access Options:

• If the group access checkbox is selected, the administrator can restrict the user to specific groups.

• If unchecked, the user will have default access to all groups.

Role Assignment:

• Use this option to assign a role to the user. The permissions available to the user will vary based on the assigned role.

• Click the "Save" button to finalize the process.

An account activation email will be sent to the provided email address, including a link to activate the user account.

Post-Creation Management

Edit User Information: Once the user is created, administrators can edit the user details or adjust group access.

User Activation

The new user will receive an account activation email containing the account name and an activation link.

Upon activation, the user can access the account with permissions based on the assigned role.

Group Management

Groups can represent cost centres, business units, projects, or similar organizational units. Administrators can manage and customize groups to streamline access and certificate management.

Adding and Managing Groups

Default Group

• A default group is pre-configured in the group menu upon account activation.

• By default, account users cannot add multiple groups. To add multiple groups, the account administrator must request assistance from an eMudhra Account Manager.

Filtering Groups

• Use the Group Name filter to search and filter the list of groups, as shown below.

Configuring a New Group

• Enter the Group Name.

• Provide a Short Description.

• Upload a Logo (if required).

Use the access configuration to control group visibility:

• Checked: Restrict access to specific users.

• Unchecked: Grant group access to all users by default.

Specify the certificate request settings for Organizations and Domains associated with the group.

This feature allows administrators to tailor group configurations to meet organizational requirements effectively.

Organizations

Administrators can configure certificate request permissions for groups using the "All" or "Specific" options for Organizations.

• All- If this option is selected, the group will have access to all organizations within the account.

• Specific- If this option is selected, the administrator can restrict the group’s access to specific organizations available in the account.

Domains

Administrators can configure certificate request permissions for groups using the "All" or "Specific" options for Organizations.

• All- If this option is selected, the group will have access to all domains within the account.

• Specific- If this option is selected, the administrator can restrict the group’s access to specific domains available in the account.

Finance

Administrators can define the payment mode for certificate requests using the Finance option. This ensures that payment settings are aligned with organizational policies and requirements.

Deduct from Account Balance

If this option is selected at the new request level, the amount for any certificate request placed using the group will be deducted directly from the group's balance.

Allocate Credits to the Group

Check the "Allocate Credits to this Group from Account Balance" option.

Enter the following details:

• Amount: Specify the amount to be allocated.

• Supporting Document: Attach relevant documentation (if required).

• Remarks: Add any remarks for reference.

Upon allocation, the specified amount will be debited from the account balance and credited to the group.

This feature enables efficient fund management and ensures that group-level balances are appropriately maintained.

Enforce Spend Limit

Administrators can set spending thresholds for groups to manage and control expenses:

Enable Spend Limit:

• Check the "Enforce Spend Limit" option to activate spending restrictions for a group.

• A threshold amount field will appear.

Set Threshold Amount:

• Enter the desired threshold amount for the group.

• This ensures that spending does not exceed the allocated limit, providing better financial oversight.

This feature helps in maintaining budgetary control and ensuring accountability at the group level.

Deduct from Group Balance

Enable this option to allow deductions directly from the group's balance for any certificate requests made using the group.

When this option is selected, any charges for new requests will automatically be debited from the group's allocated balance.

Allocate Credits to the Group

To allocate funds to a group, follow these steps:

• Select the "Allocate Credits to this Group from Account Balance" checkbox.

• Enter the following details:

Amount: Specify the amount to allocate.

Supporting Document: Attach relevant documentation if required.

Remarks: Add any notes or comments related to the fund allocation.

• Upon saving, the specified amount will be debited from the account balance and credited to the group.

This functionality allows precise control over group-level finances and ensures efficient resource management.

Upon clicking on "Save" button a group will be created in the account as shown below.

Managing Group Information

Once a group is created in the account, administrators can view, edit, and manage its details.

View Group Information

Click on the Group ID to navigate to the Group View page, as shown below. This page displays:

• Group details such as name, description, creator, and associated information.

• Financial details, including the "Deduct from Account Balance" option.

Credits Management

Allocation/Deallocation History: A grid is available to display all credit and debit transactions, including transaction IDs and the amounts.

Allocate/Deallocate Credits: Use the "Edit" button or click on the Group ID to update credit allocations. This option is available only when the finance configuration for certificates is set to "Deduct from Group Balance". Administrators can manage group credits using the following options:

Allocate/Deallocate Credits to Group

Select this option to credit/debit an amount into the group's balance.

The credited amount will be deducted/added from/to the account balance.

User Access

A list of users with access to the group is displayed, including their roles, employee IDs, and account status.

Edit Group Information

Click on the "Edit" button to:

• Update group details.

• Manage credit allocations.

• Adjust user permissions.

Important Note:

In sub-reseller or enterprise accounts, there is no provision to add multiple groups. All group-related operations and configurations are limited to the default group structure provided within the account.

Multifactor Authentication and Single Sign On

Role-based access control

The emSign CERTInext platform offers six roles, each designed to address specific responsibilities and access requirements within the system:

• Administrator

• Manager

• Finance Manager

• Standard User

• Basic User

• Discovery User

Administrator

The Administrator role provides full access to the platform, enabling comprehensive management of users, groups, organizations, and financial operations. This role is intended for system overseers responsible for administrative and operational tasks.

Key Access Controls

Full portal access, including the Dashboard.

Manage:

• Certificates (requests, orders, expiring certificates).

• Organizations, domains, groups, and users.

• Private and public Certificate Authorities (CAs) and products.

• Sub-accounts and price lists for sub-accounts.

Access to:

• REST and ACME APIs.

• Financial features.

• Audit logs and tools.

• Reports and account settings.

Create user invitations and assign roles.

Manager

The Manager role focuses on overseeing groups, users, and orders while managing sub-accounts and associated group features. This role excludes full administrative and financial permissions.

Key Access Controls

Dashboard access (billing alerts, low credit alerts, and self-orders tracking).

Manage:

• Organizations and domains.

• Groups (including credit allocation) and users.

• Private and public CAs and products.

• Sub-accounts and price lists for sub-accounts.

Access to:

• REST and ACME APIs.

• Financial features.

• Audit logs, reports, and tools.

Finance Manager

The Finance Manager role is tailored for managing financial operations, such as fund allocation, price lists, and finance-related features, without broader administrative control.

Key Access Controls

Dashboard access (billing alerts and self-orders tracking).

Manage:

• Groups (credit allocation) and users.

• Sub-accounts and price lists for sub-accounts.

• Private and public CAs and products.

Access to:

• REST and ACME APIs.

• Financial features.

• Audit logs, reports, and tools.

Standard User

The Standard User role allows for requesting certificates and accessing group orders. It includes broader access than the Basic User but lacks administrative permissions.

Key Access Controls

Dashboard access (billing alerts and self-orders tracking).

Manage:

• Private and public CAs.

Access to:

• REST and ACME APIs.

• Reports, tools, and profile settings.

Basic User

The Basic User role provides minimal permissions, focusing on personal tasks such as requesting certificates and managing profile information.

Key Access Controls

Dashboard access (billing alerts and self-orders tracking).

Access to:

• REST and ACME APIs.

• Reports, tools, and profile settings.

Discovery User

The Discovery User role is dedicated to users responsible for certificate discovery operations. This includes tasks such as key management, key store handling, and accessing discovery-related features.

User can login to the CERTInext portal with Digital Certificate.

To add the certificate, navigate to My Profile > Add Certificate.

Add Certificate

Digital Certificate can be added in two ways, Upload from system or Read from Store.

• Upload: User can upload only certificates of the format .cer.

Note: Files other than .cer extension cannot be uploaded and used for authentication and login.

• Read from Store: The security certificates installed in the browser are listed and user can select and add the certificate.

Change Certificate

Users can change the certificate for login with a different one with same steps as above.

Reseller/Enterprise/Retail users can create new request under New Request. Account users can create a new request, manage requests and track expiring certificates which are going to expiry in a specific time range.

emSign S/MIME Mailbox Validated certificates provide "reasonable assurance" to both senders and recipients that the individual identified in the certificate has control over the associated email address.

Below are the steps to order an S/MIME - Simple - Mailbox Validated - Strict certificate.

Step-by-Step Ordering Process

1. Choose Your S/MIME Product and Validity

• Navigate to Certificates > New Request.

• From the Product Dropdown List, select S/MIME - Simple.

• Choose the validity period and click "Next" to proceed.

1. Certificate Requester Information

• Enter the following details:

• Name

• Email ID

• Mobile Number

• Designation

• Certificate Download Delegation:

• If another individual needs to download the certificate, enable the "Certificate Download Delegation" option.

• Provide the delegate’s Name and Email ID. A certificate download PIN will be sent to the delegate’s email address.

• Click "Proceed" to continue.

1. Certificate Information

• Enter the Email ID for which the certificate will be issued.

• Alternatively, select "Same as Requester Email ID" to auto-fill the requester’s email ID.

• Click "Next" to proceed.

1. Certificate Signing Request (CSR)

Refer to the SSL/TLS DV Certificate Ordering Flow for CSR submission options. Users can:

• Upload or Paste the CSR.

• Skip CSR and submit it later using the Order Quick Actions feature.

1. Additional Information (Optional)

• Provide any Reporting Tags, Order Remarks, or KYC Documents if applicable.

• Custom fields may also appear here if configured by the account administrator.

1. Order Summary & Payment

• Review the order details and product information.

• Proceed with the payment for the S/MIME certificate.

• For detailed payment instructions, refer to the SSL/TLS DV Certificate Ordering Flow.

What’s Next?

• After successfully placing the order, the certificate requester will receive an Order Confirmation Email.

• The email will contain a tracking link to monitor the progress of the certificate verification and issuance process.

An Intranet SSL certificate functions similarly to SSL certificates issued by public authorities but is specifically designed for private networks or internal sites. It secures data exchanges within private environments by encrypting the communication between client devices and server over HTTPS. This encryption ensures that even if unauthorized parties attempt to intercept the data, they cannot decipher it, safeguarding sensitive information and passwords exchanged within the internal network.

Key Features of Intranet SSL Certificates

Technical Specifications & Installation:

• Intranet SSL certificates share the same technical specifications and installation procedures as public SSL certificates. However, their usage differs.

Compliance with CA/B Forum Regulations:

• According to the CA/Browser Forum regulations, public CAs cannot issue SSL certificates for internal server names, localhost, or reserved IP addresses. As a result, private servers must acquire SSL certificates from Private CAs.

emSign Intranet SSL:

• Non-Public Root Certificates: emSign provides Intranet SSL certificates via private root certificates.

• Fast Issuance & Competitive Pricing: Enjoy a faster process and cost-effective pricing compared to traditional offerings.

Benefits of Intranet SSL Certificates

• Secure Internal Server Names and IPs:

Intranet SSL certificates enable encryption for internal server names, localhost, and reserved IP addresses.

• Support for Multiple Configurations:

  • Single Domain

  • Wildcard Certificates

  • Multiple Domains (UCC)

• Includes Organization Information:

  • Each certificate contains the Organization Name (O) to ensure verified identity.

• Fully Automated Process & Instant Approval:

  • Enjoy quick and automated issuance for fast implementation.

• Fast Issuance:

  • Certificates are typically issued within minutes of submission.

• Extended Validity:

  • Certificates can be issued with a maximum validity of up to 5 years.

• No Self-Signed Certificates:

  • All certificates are issued from trusted private CAs to avoid self-signed certificate risks.

• Improved Performance & No Browser Warnings:

  • Seamless user experience with no browser security warnings.

• Automatic Renewal Reminders & Early Renewal Options:

  • Stay protected with automatic renewal notifications and the ability to renew certificates early to prevent service disruptions.

  • Intranet SSL certificates are ideal for securing internal systems, protecting sensitive data, and maintaining compliance with industry standards. With emSign’s fast issuance process and competitive pricing, you can ensure your internal network remains secure and operational without compromise.

Ordering an Intranet SSL Certificate

Step-by-Step Ordering Proces

1. Choose Product & Validity

• Navigate to Certificates > New Request.

• From the Product Dropdown List, select a Private PKI product that suits your needs.

• The certificate validity period will be displayed based on the selected product configuration.

• Click "Next" to proceed.

1. Certificate Requester Information

• Enter the following details for the certificate requester:

• Name

• Email ID

• Mobile Number

• Designation

• These details will ensure that the requester receives all relevant order notifications.

• Click "Next" to continue.

1. Certificate Information

• Internal DNS Type:

• Enter the domain name (mandatory). This can include internal domains, IP addresses, or internal server names.

• Note: Domain Control Validation (DCV) is not required for internal domains.

• Optionally, provide additional details such as:

  • Additional Domain Names

  • Organization Name & Unit

  • Country, State/Province

  • Click "Next" to proceed.

1. Certificate Signing Request (CSR)

• CSR submission is mandatory for Private PKI Intranet SSL certificates.

• You can provide the CSR in either of the following ways:

  • Upload CSR

  • Paste CSR

• Click "Next" to proceed.

1. Additional Information (Optional)

• Reporting Tags:

  • Click "Add Tag" to map tags to the order request for easy filtering.

  • Provide the Tag Name and Tag Value, and click "Save" to continue.

• Order Remarks:

  • Add any relevant remarks as part of the order request.

• KYC Documents (if applicable):

  • Upload any required KYC documents to complete the request.

• Click "Next" to proceed.

1. Order Summary & Payment

   • The Order Summary section provides an overview of:

   • Product Information

   • Certificate Details

   • Payment Summary (including the deduction group for the payment).

   • Payment Information:

   • Displays the current account balance, order value, and grand total.

   • For USD payments: GST is not applicable.

   • For INR payments: GST will be applied.

   • Click "Pay Now" to finalize the payment.

   • After payment, the user will be redirected to the Orders View Page, where all order-related details will be displayed.

What's Next?

• After the order is successfully placed, the certificate will be available for download.

• Navigate to the Orders View Page and use the "Download Certificate" option to retrieve the certificate.

To enhance account security, the platform offers the option to enable Two-Factor Authentication (2FA) via T-OTP (Time-Based One-Time Password).

Enabling 2FA

• Check the box for "Enforce 2FA via T-OTP authentication mode" in the Account Configuration settings.

• Note that enabling 2FA is optional and can be configured by the administrator based on company policy.

What Happens After Enabling

Once enabled, users will need to configure T-OTP during their first login by:

• Scanning the provided barcode .

• Entering the generated OTP.

T-OTP authentication will then apply to all users associated with the account.

This feature ensures an added layer of security for platform access.

Partner Accounts

Ideal for: SSL providers, web hosting companies, cloud service providers, and other resellers of digital certificates.

Partner accounts offer comprehensive access to the CERTInext portal, enabling resellers to efficiently manage their operations and sub-accounts. Key features include:

• Group Management: Add, manage, edit, and allocate funds to groups.

• User Management: Add, manage, invite, and approve users and user invitations.

• Organization & Domain Management: Manage organizations, domain settings, and pre-approve pending orders from sub-accounts.

• Sub-Account Management: Create and manage sub-accounts, set customized price lists for sub-accounts, and monitor activities.

• Certificate Management: Issue, renew, and manage public and private certificates; monitor expiring certificates; and generate API keys for REST and ACME integrations.

• Finance and Billing: Allocate funds, manage account finances, and access audit logs.

• Product Customization: Develop customized products and create public/private CAs for tailored certificate solutions.

• Tools & Reports: Access detailed reports, tools, and notifications regarding groups and self-orders for enhanced operational efficiency.

• Notifications: Receive alerts on pending self-orders and other group-related activities.

• Profile and Billing Management: Update profile information, manage billing details, and access account settings.

Navigating to the Sign-Up Page: Open the URL https://www.hub.emsign.com and click on “Sign Up” button

Upon clicking the "Sign Up" link on the home screen, users will be redirected to the "Sign up as a Partner" page.

Entering User Information:

The user must provide the following details:

• Your Name

• Your Email ID

• Mobile Number

• Organization Name

• Organization Type

• Country (Select from the dropdown menu)

Note: The Mobile Number field will only appear for users in India, based on IP detection, and is mandatory for partner sign-ups.

Accepting Terms and Conditions:

• Users must accept the terms and conditions by selecting the checkbox.

• Click the "Sign Up" button to proceed.

Account Approval Process:

• After submitting the sign-up form, the partner account will undergo an approval process by emSign.

Account Confirmation Notification:

• Upon submission, an account confirmation email will be sent to the user, containing relevant information about the registration and next steps.

Account Activation Process:

• Once the reseller account is approved, an account activation email will be sent to the registered email ID.

Activating the Account:

• Users must click the activation link in the email to access the "Activate Your Account" page.

Setting a Password:

• On the "Activate Your Account" page, users will be prompted to create a password according to the provided instructions.

Password Generation and Update:

• After entering the password, click the "Generate Password" button to finalize the process.

• The password will be updated, and the partner account will be activated and ready for use.

Incorrect Login Attempts

• If the account user enters the wrong/invalid password, the system will notify the account user with an alert message as shown below.

• On entering the wrong/invalid password repeated times, the respective account will be blocked.

• The user will get an Email on the same & also a login blocked notification will be displayed on the screen itself.

• Account user can unblock the account by contacting the emSign Hub account manager.

Existing account users can create additional accounts by selecting either "Enterprise Account Sign-Up" or "Partner Account Sign-Up" from the login page of the CERTInext Portal.

1. Navigating to the Account Creation Page:

• Upon clicking Enterprise Account Sign-Up or Partner Account Sign-Up, the user will be redirected to the respective account creation page, as described earlier.

1. Submitting Required Information:

• Provide all the necessary details on the account creation form.

• Click the "Sign Up" button to submit the request.

1. Account Activation Process:

• An account activation email will be sent to the registered email ID.

• Open the email and click the "Activate Account" button to continue.

1. Account Authentication:

• Clicking the "Activate Account" button will redirect the user to the Account Authentication page.

• The password for the existing account will be auto-filled on this page.

• Click "Authenticate" to proceed.

1. Successful Authentication:

• A confirmation message, "Account Authenticated Successfully", will be displayed upon successful authentication.

1. Logging into the Portal:

• After authentication, the user can log in by entering their email ID and password.

• Click the "Sign In" button to proceed to the Choose Your Account to Sign In page.

1. Choosing an Account:

• A list of all Partner and Enterprise accounts associated with the user will be displayed.

• Click the "Proceed" button next to the desired account to continue.

1. Account Expiration Notification:

• If any Reseller or Enterprise account has expired, the status will be clearly displayed on the account selection page.

User and Group Management

Users

• By default, last 10 users be viewed as shown below.

• The list of users can be filtered & searched by Name. Click the "Search" button to apply the filter.

Create User to your account

To create a new user for your account:

• Click the "New User (+)" option to navigate to the Add User creation screen.

Fill in the following details:

• Name

• Email

• Mobile Number

• Designation

• Employee ID

Group Access Options:

• If the group access checkbox is selected, the administrator can restrict the user to specific groups.

• If unchecked, the user will have default access to all groups.

Role Assignment:

• Use this option to assign a role to the user. The permissions available to the user will vary based on the assigned role.

• Click the "Save" button to finalize the process.

An account activation email will be sent to the provided email address, including a link to activate the user account.

Post-Creation Management

Edit User Information: Once the user is created, administrators can edit the user details or adjust group access.

User Activation

The new user will receive an account activation email containing the account name and an activation link.

Upon activation, the user can access the account with permissions based on the assigned role.

Group Management

Groups can represent cost centres, business units, projects, or similar organizational units. Administrators can manage and customize groups to streamline access and certificate management.

Adding and Managing Groups

Default Group

• A default group is pre-configured in the group menu upon account activation.

• By default, account users cannot add multiple groups. To add multiple groups, the account administrator must request assistance from an eMudhra Account Manager.

Filtering Groups

• Use the Group Name filter to search and filter the list of groups, as shown below.

Configuring a New Group

• Enter the Group Name.

• Provide a Short Description.

Upload a Logo (if required).

Use the access configuration to control group visibility:

• Checked: Restrict access to specific users.

• Unchecked: Grant group access to all users by default.

Specify the certificate request settings for Organizations and Domains associated with the group.

This feature allows administrators to tailor group configurations to meet organizational requirements effectively.

Organizations

Administrators can configure certificate request permissions for groups using the "All" or "Specific" options for Organizations.

• All- If this option is selected, the group will have access to all organizations within the account.

• Specific- If this option is selected, the administrator can restrict the group’s access to specific organizations available in the account.

Domains

Administrators can configure certificate request permissions for groups using the "All" or "Specific" options for Organizations.

• All- If this option is selected, the group will have access to all domains within the account.

• All- If this option is selected, the group will have access to all domains within the account.

• Specific- If this option is selected, the administrator can restrict the group’s access to specific domains available in the account.

Finance

Administrators can define the payment mode for certificate requests using the Finance option. This ensures that payment settings are aligned with organizational policies and requirements.

Deduct from Account Balance

If this option is selected at the new request level, the amount for any certificate request placed using the group will be deducted directly from the group's balance.

Allocate Credits to the Group

Check the "Allocate Credits to this Group from Account Balance" option.

Enter the following details:

• Amount: Specify the amount to be allocated.

• Supporting Document: Attach relevant documentation (if required).

• Remarks: Add any remarks for reference.

Upon allocation, the specified amount will be debited from the account balance and credited to the group.

This feature enables efficient fund management and ensures that group-level balances are appropriately maintained.

Enforce Spend Limit

Administrators can set spending thresholds for groups to manage and control expenses:

Enable Spend Limit:

• Check the "Enforce Spend Limit" option to activate spending restrictions for a group.

• A threshold amount field will appear.

Set Threshold Amount:

• Enter the desired threshold amount for the group.

• This ensures that spending does not exceed the allocated limit, providing better financial oversight.

This feature helps in maintaining budgetary control and ensuring accountability at the group level.

Deduct from Group Balance

Enable this option to allow deductions directly from the group's balance for any certificate requests made using the group.

When this option is selected, any charges for new requests will automatically be debited from the group's allocated balance.

Allocate Credits to the Group

To allocate funds to a group, follow these steps:

• Select the "Allocate Credits to this Group from Account Balance" checkbox.

• Enter the following details:

Amount: Specify the amount to allocate.

Supporting Document: Attach relevant documentation if required.

Remarks: Add any notes or comments related to the fund allocation.

• Upon saving, the specified amount will be debited from the account balance and credited to the group.

This functionality allows precise control over group-level finances and ensures efficient resource management.

Upon clicking on "Save" button a group will be created in the account as shown below.

Managing Group Information

Once a group is created in the account, administrators can view, edit, and manage its details.

View Group Information

Click on the Group ID to navigate to the Group View page, as shown below. This page displays:

• Group details such as name, description, creator, and associated information.

• Financial details, including the "Deduct from Account Balance" option.

Credits Management

Allocation/Deallocation History: A grid is available to display all credit and debit transactions, including transaction IDs and the amounts.

Allocate/Deallocate Credits: Use the "Edit" button or click on the Group ID to update credit allocations. This option is available only when the finance configuration for certificates is set to "Deduct from Group Balance". Administrators can manage group credits using the following options:

Allocate/Deallocate Credits to Group

Select this option to credit/debit an amount into the group's balance.

The credited amount will be deducted/added from/to the account balance.

User Access

A list of users with access to the group is displayed, including their roles, employee IDs, and account status.

Edit Group Information

Click on the "Edit" button to:

• Update group details.

• Manage credit allocations.

• Adjust user permissions.

Important Note:

In sub-reseller or enterprise accounts, there is no provision to add multiple groups. All group-related operations and configurations are limited to the default group structure provided within the account.

Multifactor Authentication and Single Sign On

Role-based access control

The emSign CERTInext platform offers six roles, each designed to address specific responsibilities and access requirements within the system:

• Administrator

• Manager

• Finance Manager

• Standard User

• Basic User

• Discovery User

Administrator

The Administrator role provides full access to the platform, enabling comprehensive management of users, groups, organizations, and financial operations. This role is intended for system overseers responsible for administrative and operational tasks.

Key Access Controls

Full portal access, including the Dashboard.

Manage:

• Certificates (requests, orders, expiring certificates).

• Organizations, domains, groups, and users.

• Private and public Certificate Authorities (CAs) and products.

• Sub-accounts and price lists for sub-accounts.

Access to:

• REST and ACME APIs.

• Financial features.

• Audit logs and tools.

• Reports and account settings.

Create user invitations and assign roles.

Manager

The Manager role focuses on overseeing groups, users, and orders while managing sub-accounts and associated group features. This role excludes full administrative and financial permissions.

Key Access Controls

Dashboard access (billing alerts, low credit alerts, and self-orders tracking).

Manage:

• Organizations and domains.

• Groups (including credit allocation) and users.

• Private and public CAs and products.

• Sub-accounts and price lists for sub-accounts.

Access to:

• REST and ACME APIs.

• Financial features.

• Audit logs, reports, and tools.

Finance Manager

The Finance Manager role is tailored for managing financial operations, such as fund allocation, price lists, and finance-related features, without broader administrative control.

Key Access Controls

Dashboard access (billing alerts and self-orders tracking).

Manage:

• Groups (credit allocation) and users.

• Sub-accounts and price lists for sub-accounts.

• Private and public CAs and products.

Access to:

• REST and ACME APIs.

• Financial features.

• Audit logs, reports, and tools.

Standard User

The Standard User role allows for requesting certificates and accessing group orders. It includes broader access than the Basic User but lacks administrative permissions.

Key Access Controls

Dashboard access (billing alerts and self-orders tracking).

Manage:

• Private and public CAs.

Access to:

• REST and ACME APIs.

• Reports, tools, and profile settings.

Basic User

The Basic User role provides minimal permissions, focusing on personal tasks such as requesting certificates and managing profile information.

Key Access Controls

Dashboard access (billing alerts and self-orders tracking).

Access to:

• REST and ACME APIs.

• Reports, tools, and profile settings.

Discovery User

The Discovery User role is dedicated to users responsible for certificate discovery operations. This includes tasks such as key management, key store handling, and accessing discovery-related features.

Enforce 2FA

To enhance account security, the platform offers the option to enable Two-Factor Authentication (2FA) via T-OTP (Time-Based One-Time Password).

Enabling 2FA

• Check the box for "Enforce 2FA via T-OTP authentication mode" in the Account Configuration settings.

• Note that enabling 2FA is optional and can be configured by the administrator based on company policy.

What Happens After Enabling

Once enabled, users will need to configure T-OTP during their first login by:

• Scanning the provided barcode[M21] .

• Entering the generated OTP.

T-OTP authentication will then apply to all users associated with the account.

This feature ensures an added layer of security for platform access.

IP Restrictions

The IP Restrictions feature enables administrators to restrict access to business data by specifying a range of authorized IP addresses. This ensures secure and controlled access to sensitive information.

Configure IP Restrictions

Select a User: Choose the user for whom the restriction will apply. Alternatively, you can apply the restriction to all users.

Enter Allowed IP Range:

• Specify the Allowed IP Start Address.

• Specify the Allowed IP End Address.

Add Description (Optional): Provide a description for the IP restriction for easy identification.

This feature enhances security by ensuring that only authorized IP addresses can access your business data.

A created IP Restriction Rule can be disabled at any time by the administrator, providing flexibility to adjust access controls as needed.

Adding Credits to your account

Adding Credits

A message to Add Credits will be displayed when the account balance falls below the threshold set by the account administrator.

• Clicking the "Add Credits" hyperlink redirects to Billing & Payments > Add Credits.

• Follow the prompts to add funds and ensure your account balance is sufficient for future transactions.

These features ensure smooth account operations by keeping billing information updated and maintaining adequate account credits.

Billing and Payments

Billing & Payments

Add Credits

emSign CERTInext offers two modes of payment to add credits: Online Payment & Offline Payment.

To add credits to your account, navigate to Billing & Payments > Add Credits.

Online Payment

Upon selecting online Payment, the current account balance is displayed at the top.

• Enter the Amount to be credited, then click the Pay button

The system will redirect to the payment gateway. Enter your card details to proceed with the payment

To verify the payment status, enter the Payment ID under the "Recheck Payment Status" section and click the Recheck button.

Offline Payment

• On selecting offline Payment, the current account balance is displayed at the top.

• Enter the offline credits payment details and click the "Make Payment" button.

• Once the "Submit Offline Payment" button is clicked, a thank you message will displayed on the screen. Upon eMudhra finance approval, the amount will be credited into the account.

Invoices

The Invoices page provides a comprehensive list of all generated invoices for your certificate orders and services. From this page, you can download, review, and pay invoices, making it easy to track your organization's billing and payments.

Download Invoice

Via the Certificates Section

• Navigate to Certificates > Orders.

• Open the View Order page for the specific order.

• Click on Download Invoice to download a copy with all payment details.

Via Billing & Payments Section

• Navigate to Billing & Payments.

• Under Action, click on the Download icon next to the desired invoice.

• The invoice will then be downloaded to your system.

Download Credit Note

• To download any credit note, go to Certificates > Orders > View order page.

• This order action will be displayed when the Order status is cancelled (or) Rejected.

• On click of "Download Credit Note" a credit note will be downloaded with all the payment information.

IP Restrictions

The IP Restrictions feature enables administrators to restrict access to business data by specifying a range of authorized IP addresses. This ensures secure and controlled access to sensitive information.

Configure IP Restrictions

Select a User: Choose the user for whom the restriction will apply. Alternatively, you can apply the restriction to all users.

Enter Allowed IP Range:

• Specify the Allowed IP Start Address.

• Specify the Allowed IP End Address.

Add Description (Optional): Provide a description for the IP restriction for easy identification.

This feature enhances security by ensuring that only authorized IP addresses can access your business data.

A created IP Restriction Rule can be disabled at any time by the administrator, providing flexibility to adjust access controls as needed.

Follow these steps to place an order for a DV SSL/TLS certificate through the CERTInext portal. The same process applies for DV Multi-domain (UCC), Wildcard, and Wildcard-UCC products.

Step-by-Step Certificate Ordering Process

1. Choose Product & Validity

• Select the product from the Product Dropdown List: Options include emSign SSL/TLS - DV, DV Wildcard, DV-UCC, or DV Wildcard-UCC.

• If a UCC product is selected, enter the number of domains to see the order value in real-time.

• All emSign SSL/TLS certificates are valid for 1 year by default.

• Click "Next" to proceed.

1. Certificate Requester Information

Enter the following details for the certificate requester to ensure all notifications are sent to the correct person:

• Requester Name

• Requester Email ID

• Mobile Number

• Designation

• If another person should have authority to download the certificate, enable the relevant checkbox and provide their Contact Name and Email ID.

• Click "Next" to proceed.

1. Upload or Paste Certificate Signing Request (CSR)

You can provide the CSR in either of the following ways:

• Upload CSR file.

• Paste CSR directly into the designated field.

• Note: The CSR helps auto-populate the Domain Name under the certificate details section. If skipped, the SAN (Subject Alternative Name) field will not be auto filled.

• You can also skip this step by selecting "Skip CSR" and submitting the CSR later using the Order Quick Actions feature.

1. Certificate Details

• The Domain Name is auto populated based on the uploaded CSR.

• If no CSR is provided, or if additional domains are needed:

• Enter the domain name manually.

• Pre-verified domains associated with the selected group will appear in the dropdown list.

• For sub-domains, the system allows reuse of the validation of pre-verified base domains, ensuring quick issuance without requiring repetitive DCV (Domain Control Validation).

• Note: If the domain used is restricted by the administrator, the system will display a message:

• "One or more domain names provided in this order are not allowed due to specific domain restrictions. Please contact your account administrator."

• To add additional domains, select the DV UCC or DV Wildcard UCC product.

• Newly validated domains will be mapped to the Default Organization to avoid repetitive DCV in future orders.

• Click "Next" to proceed.

1. Additional Information (Optional)

• Reporting Tags: Add tags to map the request for easier tracking and filtering.

• Click "Add Tag" to provide the Tag Name and Tag Value, then click "Save" to proceed.

• Order Remarks: Add any relevant remarks for internal tracking.

• Technical Point of Contact: If another individual should manage the technical aspects, enable the checkbox and provide their Name, Email ID, Mobile Number, and Designation.

• Custom Fields: If any custom fields have been set by the administrator, they will appear here. Custom fields are not included as part of the certificate’s Subject/SAN attributes.

• Additional Email Recipients: Enable the checkbox to add recipients who will receive order confirmation, revocation, and renewal notifications (excluding verification-related notifications).

• Auto-Renew Certificates: Enable auto-renewal to automatically renew certificates based on the configured criteria. If disabled, manual renewal will be required before the certificate expires.

• Auto-renewal settings can also be edited later from the Orders View page after the order is placed.

• Click "Next" to proceed.

1. Order Summary & Payment

• Review the product information, certificate details, and payment summary.

• The Payment Group from which funds will be deducted will be indicated.

• Account Balance: Displays the current balance alongside the total order value.

• For USD Payments: GST is not applicable.

• For INR Payments: GST will be applied.

• Click "Pay Now" to complete the payment. Upon payment, the amount will be deducted from the selected group, and the system will redirect you to the Orders Page.

1. Post-Order Actions

Edit Custom Fields:

• Custom fields associated with the order can be edited after the order is generated.

Update Additional Email Recipients:

• Add or modify additional email recipients even after the order is placed to ensure they receive important notifications

What’s Next?

• Upon successful order placement, the certificate requester will receive an Order Confirmation Email with a tracking link.

• Use the tracking link to monitor the certificate verification process step-by-step.

• Once the certificate is verified and issued, the requester can download and deploy it accordingly.

Follow these steps to place an order for an EV SSL/TLS certificate. The same process applies to EV Multi-domain (UCC) products.

Step-by-Step Certificate Ordering Process

1. Choose Product & Validity

• From the Product Dropdown List, select any emSign SSL/TLS EV or EV UCC product.

• If a UCC product is selected, enter the number of domains to view the order value in real-time.

• Multi-year validity (up to 3 years) is available for all emSign SSL/TLS products.

• Click "Next" to proceed.

1. Organization Details

• New Organization:

If a new organization needs to be created, provide the following details:

• Organization Name

• Organization Unit

• Street Address 1 & 2

• Country, State/Province, Locality, and Postal Code

• Click "Next" to proceed.

• Pre-Verified Organization:

• To place an order with a pre-verified organization, click "Click Here" to open the list of EV-validated organizations.

• Select the desired organization, and all relevant details will be auto-filled.

1. Organization Representative Information

• Refer to emSign SSL/TLS OV Certificate Order.

• If a pre-verified organization is selected, the organization representative's details will be auto-filled.

• For manual input, follow the OV certificate ordering flow by entering the representative’s name, email ID, mobile number, and other details.

• Click "Next" to proceed.

1. Certificate Signing Request (CSR)

Refer to the DV certificate ordering process for CSR submission. Users can:

• Upload CSR

• Paste CSR

• Skip CSR and submit it later through Order Quick Actions.

• CSR auto-populates the Domain Name.

Certificate Details

• The Domain Name will be auto-filled based on the CSR.

• Alternatively, users can manually enter the following:

  • Domain Name

  • Business Category

  • Company Registration Number

• For pre-verified organizations, the list of pre-verified domains will appear in the Domain Name dropdown.

• Use the Single Sub-domain option to reuse pre-verified base domains for quick issuance without repetitive DCV (Domain Control Validation).

• Important Note:

• To add additional domains, select the EV UCC product.

• Click "Next" to proceed.

1. Authorized Signatory Information

This section requires details of the Contract Signer and Certificate Approver.

• Options for entering details:

  • New Entry

  • Existing Entry

• Same as Organization Representative (for Contract Signer)

• Same as Contract Signer (for Certificate Approver)

• For pre-verified organizations, these details will be auto filled.

If not available, enter the following manually:

• Name

• Email ID

• Telephone Number

• Designation

• Employee ID

1. Additional Information (Optional)

Refer to the OV certificate ordering flow for adding additional information, including:

• Reporting Tags: Add tags for easier tracking and filtering.

• Order Remarks: Add relevant remarks for internal use.

• Technical Point of Contact: Assign another person to manage the technical aspects.

• KYC Documents: Enable the checkbox to upload KYC documents, and click "Add Document" for multiple uploads.

• Custom Fields: If configured, custom fields will appear here. These are not part of the certificate’s SAN or Subject attributes.

• Additional Email Recipients: Add recipients who will receive order-related notifications.

• Auto-Renew Certificates: Enable auto-renewal to automatically renew certificates before expiration. This can be edited later in the Orders View page.

• Click "Next" to proceed.

1. Order Summary & Payment

• Review the product details, certificate information, and payment summary.

• The Payment Group from which the amount will be deducted will be displayed.

• Account Balance:

• USD Payments: GST is not applicable.

• INR Payments: GST will be applied.

• Click "Pay Now" to complete the payment. After payment, the system will redirect you to the Orders Page.

What’s Next?

• After the order is successfully placed, the Organization Representative will receive an Order Confirmation Email.

• The email will contain a tracking link to monitor the certificate verification process.

• Once the certificate is issued, the representative can download and deploy it.

Certificate Renewal Message

Administrators can configure a certificate renewal message to be displayed for all certificate orders. Follow these steps:

• Navigate to Settings > Account Configuration.

• Enter the desired message under 'Account-wide certificate renewal message'.

• Once configured, this message will appear on all order view pages under Certificates > Orders.

This feature ensures clear communication regarding certificate renewals across the account.

Additional Certificate Renewal Notifications

Administrators can configure additional email addresses for certificate renewal and expiry notifications. Follow these steps:

• Navigate to Settings > Account Configuration.

• Enable the checkbox for 'Account-wide certificate renewal email addresses'.

• Enter the recipient email addresses that should receive renewal or expiry notifications for emSign certificate orders created within the account.

This ensures that renewal notifications reach all relevant stakeholders, maintaining effective communication and timely action.

Configure Certificate Renewal Email Notifications Frequency

Administrators can set up customized notification frequencies for certificate renewals and expirations. Follow these steps:

• Navigate to Settings > Account Configuration.

• Enable the checkbox for 'Certificate Renewal Notification Frequency'.

• Select the desired reminder intervals (e.g., 90 days before expiry, etc.) to enhance the customer experience.

• Administrators can specify reminder dates both before and after expiry. This feature supports notifications for SSL/TLS and other certificate types.

By configuring this setting, administrators ensure timely notifications for certificate renewals, improving operational efficiency and avoiding service interruptions.

SSL Technical POC Email Notifications

Administrators can manage email notifications for technical points of contact (POC). Follow these steps:

• Navigate to Settings > Account Configuration.

The option 'Copy Technical Point of Contact in SSL Order Email Notifications' is enabled by default. This ensures that the technical POC receives notifications such as:

• Order confirmation

• CSR-related updates

• Certificate download links after SSL order generation

The account administrator can uncheck this option if notifications to the technical POC are not required.

This configuration ensures efficient communication for SSL order updates, tailored to organizational needs.

Low Balance Alerts

Administrators can configure low account balance alerts to ensure timely notifications when the account balance reaches a specified threshold.

Steps to Configure:

• Navigate to Settings > Account Configuration.

• Enable or disable the checkbox for 'Send Low Account Balance Alerts' based on your requirements.

• Upon enabling, two additional fields will appear:

  • Notification Email IDs: Enter the email addresses to receive low balance alerts.

  • Threshold Amount: Specify the threshold amount that will trigger the low balance alert.

• Once configured, an email will be sent to the specified recipients when the account balance reaches or exceeds the threshold.

This feature helps maintain account continuity by providing proactive alerts for low credit levels.

Certificate Renewal Notifications to Group Email Addresses

Administrators can configure and manage certificate renewal notifications for group email IDs to ensure timely communication.

Navigate to the Notifications section.

• Enable the 'Configure certificate renewal email addresses' checkbox to add group email IDs (e.g., Cost Center, Business Unit, Project, etc.).

• If account-wide certificate renewal email addresses are already configured (via Settings > Account Configuration > Configure Account-wide Certificate Renewal Email Addresses), they will be pre-filled but can be modified for the specific group.

Note: The entered email addresses will receive renewal and expiry notifications for emSign certificate orders associated with the respective group.

Edit Certificate renewal email addresses

• Certificate renewal email addresses can be edited after group creation.

• On click of "Edit" button, Administrator users can add/remove the certificate renewal information.

This feature ensures that relevant stakeholders are promptly notified about certificate renewals, facilitating seamless operations.

Step-by-Step Certificate Ordering Process

1. Choose Product & Validity

• From the Product Dropdown List, select any SSL/TLS product: OV, OV Wildcard, OV UCC, or OV Wildcard-UCC.

• If a UCC product is selected, enter the number of domains to see the order value upfront.

• The default validity period for all SSL/TLS certificates is 1 year.

• Click "Next" to proceed.

1. Organization Details

• Permission Levels:

  • Specific Access: Users can select organizations only from a pre-verified list no option to create new organizations.

  • All Access: Users can either select pre-vetted organizations or enter new organization details directly.

• To select a pre-verified organization, click "Click Here". The pre-verified organizations will be displayed in a popup.

• Click "Select" to pre-fill the organization information in the form.

• Click "Next" to continue.

• Important Note:

If the user has an organization reuse token, it can be provided by enabling the I have an organization reuse token checkbox.

When the reuse token option is enabled, no organization consent email will be sent to the representative.

1. Organization Representative Information

• If a pre-vetted organization is selected, the organization representative's details will be pre-filled automatically.

• For a new organization, choose between "New" or "Existing" user:

  • New: Enter the representative’s Name, Email ID, Mobile Number, and Designation.

  • Existing: Select the representative from the list of existing users.

• Certificate Download Delegation:

If the certificate download authority needs to be assigned to another individual, enable the Certificate Download Delegation checkbox and provide their Contact Name and Email ID.

• Click "Next" to proceed.

1. Certificate Signing Request (CSR)

• The process for submitting the CSR is identical to the DV SSL/TLS certificate order. Users can:

Upload CSR or

Paste CSR into the designated field.

• Skipping CSR:

  • If the CSR is skipped, the SAN (Subject Alternative Name) field will not be auto-filled.

  • Users can submit the CSR later using the Order Quick Actions feature.

1. Certificate Details

• If a CSR is provided, the Domain Name will be auto-populated.

• To add a domain manually, enter it in the Domain Name field.

• Pre-verified Domains: If the order is associated with a pre-verified organization, the corresponding domains will appear in the Domain Name dropdown list.

• Use the Single Sub-domain option to reuse validations of pre-verified base domains, avoiding repetitive DCV (Domain Control Validation).

• To add additional domains, select the OV UCC or OV Wildcard UCC product.

• Click "Next" to proceed.

1. Additional Information (Optional)

This section allows users to provide additional order-related details:

• Reporting Tags:

  • Add reporting tags by clicking "Add Tag". Enter the Tag Name and Tag Value and click "Save".

• Order Remarks:

  • Include any remarks for internal tracking.

• Technical Point of Contact:

  • Enable the Technical Point of Contact checkbox and provide the individual’s Name, Email ID, Mobile Number, and Designation.

• KYC Documents:

  • If required, enable the KYC Documents checkbox and upload the relevant documents. Use the "Add Document" button to upload multiple documents.

• Custom Fields:

If custom fields are active for the account, they will appear here. These fields are configured by the account administrator and are not included in the certificate’s Subject/SAN attributes.

• Additional Email Recipients:

Use this option to add email recipients who will receive Order Confirmation, Revocation, and Renewal Notifications, excluding verification-related alerts.

• Auto-Renew Certificates Until Coverage:

  • Enable auto-renewal to ensure certificates are renewed automatically based on the configured criteria.

  • If disabled, manual renewal will be required before the certificate expires. This setting can be edited later from the Orders View page.

• Click "Next" to proceed.

1. Order Summary & Payment

• Review the Product Information, Certificate Details, and Payment Summary.

• The Payment Group from which the order amount will be deducted will be displayed.

• Account Balance:

• For USD Payments: No GST will be applied.

• For INR Payments: GST will be applied.

• Click "Pay Now" to complete the payment. Upon payment, the amount will be deducted from the selected group, and the system will redirect you to the Orders Page.

What’s Next?

• Upon successful order placement, the Organization Representative will receive an Order Confirmation Email.

• This email will contain a tracking link to monitor the progress of the certificate verification process.

• Once the certificate is issued, the representative can download and deploy the certificate.

• Group Selection:

  • If multiple groups are configured by an organization, the same is available under New Certificate > New Request > For with a drop down containing the list of groups. The account user will have the option to select the desired group from this list.

• Payment Deduction:

  • Upon placing the order, the amount will be deducted from the selected group.

emSign SSL Subscription plan allows you to pay for a single price for up to three years of SSL/TLS certificate coverage for DV & OV products. With a Multi-year Plan, you select the SSL/TLS certificate, desired coverage period, and certificate validity. Until the subscription plan expires, you reissue your certificate at no additional cost either through manual or Auto approval based on your selected configuration.

Step-by-Step Ordering Process

Certificates > New Request.

• To order a subscription plan, navigate to:

Choose Product & Validity

1. Choose Your SSL/TLS Product

   • Select either DV or OV product from the subscription plan.

2. Fill in the Required Details:

• For OV certificates: Provide Organization Details (e.g., Organization Name, Unit, Country).

• For both DV and OV certificates: Enter the Certificate Requestor or Organization Representative Information (e.g., Name, Email ID, Mobile Number, etc.).

1. Upload, Attach, or Skip the CSR:

• You can either upload, paste, or skip the Certificate Signing Request (CSR).

• Skipping CSR: You can submit it later using Order Quick Actions.

1. Provide Certificate Information:

Enter the SAN Name and any additional information required.

1. Additional Information (Optional):

Add Reporting Tags, Order Remarks, Technical POC details, Custom Fields, and Auto-renewal options.

1. Proceed to Payment:

Complete the payment process for your selected SSL/TLS DV or OV product.

Choose Product & Validity

• To order a subscription plan, navigate to: Certificates > New Request.

• From the Products Dropdown List, select the emSign DV /OV product.

  • In the "Subscription For" field, choose the coverage duration:

  • 1 Year, 2 Years, or 3 Years.

  • If a UCC product is selected, enter the number of domains. The order value will be displayed based on the selected number of domains.

• Click "Next" to proceed.

Subscription Plan coverage for SSL Products

Auto-Renew Certificates Until Coverage:

Enable the "Auto-renew certificates until coverage" checkbox to configure automatic renewal.

• If enabled, emSign will automatically renew the certificate based on the selected criteria.

• A successful reissuance notification email will be sent upon renewal.

• If disabled, manual reissuance will be required before the certificate expires.

You can modify the auto-renewal settings later from the Orders View page after the order ID is generated.

Managing Orders and Subscription

View Orders and Subscription Details:

• Once the order is placed, the Orders View page will display the SSL subscription details.

• You can also modify the auto-renewal configuration from this section.

Certificate Management:

• After downloading the certificate, the account user can:

• Reissue the certificate as needed.

• Add or Remove SANs based on changing requirements.

If a reseller wants to place an order on behalf of the customer, it can be done in two ways

1. Organizations pre-verified and mapped under the reseller

Access the Pre-Verified List:

• In the Organization Details section, click the "Click here" button.

• A list of pre-verified organizations will be displayed.

• Select the appropriate organization from the list to proceed with the certificate request.

2. Organizations not mapped to the reseller

Search for External Organizations:

• If the reseller wishes to use an organization mapped to another account, click the "Search External Organization" link.

• This will prompt the user to enter the representative’s email ID.

Select External Organizations:

• After entering the representative’s email ID, a list of available organizations will be displayed.

• Select the desired organization and proceed with the certificate request.

Switching Organization Views

• If the user wants to switch back to the default organization view, click the "Switch to default view" link.

What’s Next?

1. Consent Email for External Organization:

   • Once the order is placed, a consent email will be sent to the external organization’s representative email ID.

   • The external representative must accept the organization reuse request.

2. Verification Status Update:

   • Upon acceptance, the Organization Verification Status will update to "Completed."

• If the reseller wants to place an order on behalf of the Enterprise account an option is available at the new request level.

• If the reseller checks that check box, all the Enterprise accounts will be displayed which are been part of the parent reseller account.

• Upon selecting the account reseller can place an order & amount will be deducted from the default group of the Enterprise account.

Important Note:

• This option will be available only for parent reseller accounts.

Additional Information

This section is optional. Here, the account user can:

• Add Reporting Tags

• Provide Order Remarks

• Enter Technical Point of Contact (POC) details (if required)

Additional Email Recipients for Notifications

• A new option, "Additional Email Recipients," is available for notification purposes.

• To include additional recipients, enable the "Additional Email Recipients" checkbox and enter the corresponding email IDs.

• Note:

Additional email recipients will receive the following notifications:

• Order Confirmation, Revocation, and Renewal Reminder Notifications (excluding specific verification-related notifications).

• Order Successful / Tracking Link Email Notifications

• CSR-Related Email Notifications

• Certificate Download Email Notifications

• Customer Actions Pending Reminder Notifications

• Certificate Renewal Reminder Notifications

• Order Discrepancy Email Notifications

• Certificate Revocation Email Notifications

• Reissue Email Notifications

• Retry CAA Email Notification

Updating Additional Email Recipients

• Additional Email Recipients can be edited after the order has been generated via the Orders View Page.

• For all future notifications, the updated recipients will receive relevant emails accordingly.

• Click "Next" to proceed.

Purpose of Custom Fields:

• This form allows you to specify or enter values for each active custom field available in your emSign account.

• These custom fields will be displayed under the Additional Information section of the order form.

Administrator-Enforced Fields:

• All custom fields shown on the order form are configured by the account administrator through the Custom Fields Settings.

• Only the mandatory fields are required to complete the order.

Note:

• The value entered for the same custom field can vary from order to order based on the specific requirements of each request.

• Custom Fields are not included as part of the Subject or SAN (Subject Alternative Name) attributes in the certificate.

Editing Custom Fields

• Custom Fields can be modified after the order has been generated.

• Navigate to the Orders View Page to edit the fields, as shown below.

Follow these steps to order an IGTF certificate using the external DNS type option through the emSign CERTInext

Step-by-Step Certificate Ordering Process

1. Choose Product & Validity

• Navigate to the Private PKI Product section.

• Select IGTF product from the Product Dropdown List.

• Click "Next" to proceed.

2. Certificate Requester Information

• Provide the following details:

  • Requester Name

  • Email ID

  • Mobile Number

  • Designation

• These details will ensure the requester receives all relevant order notifications.

• Click "Next" to continue.

1. Certificate Information

• Domain Name: Enter the domain name (mandatory).

• www Variant: By default, the checkbox "Automatically secure 'www' variant of websites" will be selected. You can uncheck it if not required.

• Additional Details: Optionally, enter:

  • Additional Domain Names

  • Organization Name

  • Organization Unit

  • Country

  • State/Province

• Click "Next" to proceed.

Important Notes on DNS Type

Internal DNS Type:

• If Internal is selected, an order confirmation email will not be sent.

• The user can download the certificate immediately from the "Download Certificate" option on the Orders View Page.

External DNS Type:

• If External is selected, an order confirmation email with a tracking link will be sent to the requester.

• The requester must complete all pending actions before downloading the certificate.

1. Certificate Signing Request (CSR)

• CSR submission is mandatory for private PKI products.

• You can provide the CSR using one of the following methods:

  • Upload CSR

  • Paste CSR

• Click "Next" to continue.

1. Additional Information (Optional)

Reporting Tags:

• Add reporting tags by clicking "Add Tag".

• Enter the Tag Name and Tag Value and click "Save".

KYC Documents:

• If required, enable the KYC Documents checkbox.

• Upload the relevant documents and provide a brief description.

• Click "Add Document" to upload multiple documents. Enterprise Administrators will review the KYC documents as part of the approval process.

Order Remarks:

• Add any relevant remarks to the order request.

1. Order Summary & Payment

This section provides an overview of:

• Product Information

• Certificate Details

• Administrator Validation Checklist (if applicable)

• Payment Summary (including the deduction group from which payment will be made)

Administrator Validation Checklist:

• This checklist will appear if configured as mandatory or optional during the product creation process.

• It will only be displayed if administrator approval is required.

Payment Information:

• Displays the account balance, order value, and grand total.

• For USD payments: GST is not applicable.

• For INR payments: GST will be applied.

• Click "Pay Now" to finalize the payment.

• After payment, the user will be redirected to the Orders View Page, where all order-related details will be available.

Important Note

• If administrator approval is required, the order status will be displayed as "Order Pending for Approval."

What’s Next?

• Upon successful order placement, the Certificate Requester will receive an Order Confirmation Email with a link to the Track Order Page.

• The requester can use the tracking link to monitor the certificate verification process and download the certificate once it is ready.

• Order Placement: Upon clicking the "Submit" button on the order Summary & Payment page, the request will appear on the Orders page, with the status "Order Pending for Approval".

• Administrator Action: Once the order is listed, the administrator can either approve or reject the request from the Orders page, as shown below.

• Rejecting an Order:

  • Upon clicking the "Reject" button, the reason for rejection must be entered in the rejection field.

  • Click on “Reject” to finalize the rejection.

• Approving an Order:

  • Upon clicking the "Approve" button, the system navigates to New Request > Order Summary & Payment Page

  • The account user must click "Pay now" to submit the request and generate the Order ID.

• Order Completion: Once the payment is successful, the system redirects to the orders page with all the necessary information and associated Order actions as shown below.

Administrator approval is required only when the order is placed by a Standard User or Basic User places an order.

To download the certificate, Navigate to the order, Certificates > Orders > View order page.

Click the "Download Certificate" button and the, certificate will be downloaded.

• To replace the CSR, navigate to Certificates > Orders > View order

• Clicking the "Replace CSR" button will open a modal window, allowing you to upload the new CSR as shown below.

• After the CSR is updated, click the "Update" button to apply the changes.

• To Submit the CSR, navigate to Certificates > Orders > View order page.

• Clicking the "Submit CSR" button will open a modal window, allowing you to upload the CSR, as illustrated below

• After uploading the new CSR, click the “Update” button to finalize the submission.

To streamline approval processes, the EV Request Approvals feature is accessible within the CERTInext platform under:

Organizations > EV Request Approvals.

This feature simplifies the approval workflow by allowing in-platform approvals, complementing email notifications. The Certificate Approver must be an authorized user within their enterprise account to access and approve EV certificate requests.

• To View the SSL EV Certificate request, Organizations > EV Request Approvals. This helps to simplify approval processes with our new in-platform approval feature, complementing email notifications. To access this feature, Certificate Approver should be an account user within their enterprise account.

• Certificate approver can use the “Order ID” filter to quickly locate specific EV certificate requests.

Approving or Rejecting an SSL EV Certificate Request

Accessing the Request Details:

Click on the relevant "Order ID" link to open a detailed modal displaying:

1. Certificate Approver Information

2. Order Details

3. Organization Information

Approval Actions:

Approve:

1. Click the "Approve" button to complete the certificate approval.

2. The status will update to "Yes" to indicate that consent has been granted.

Reject:

1. Click the "Reject" button to finalize the rejection process.

2. The status will update to "No" to indicate that consent has not been granted.

Applicable only for SSL OV & EV Certificate orders

To download any Interim DV Certificate, navigate to the order: Go to Certificates > Orders > View order

Click on the of "Download Interim DV" which displays a a modal with all the necessary information.

In the modal, click on "Download interim DV" button to download the certificate.

• To revoke an issued certificate, Navigate to the order, Certificates > Orders > View order page.

  • To revoke a downloaded certificate, click the "Revoke Certificate" button under Order Action.

  • On click of "Revoke Certificate" a modal will appears shown below.

• Enter the Revocation Remarks and select the Revocation Reason from the dropdown list and click the "Submit" button to complete the revocation process.

To initiate Reissue Certificate Navigate to the order by, Certificates > Orders > View order page > Reissue Certificate.

• The downloaded certificates can be Reissued by selecting the "Reissue Certificate" button is available in order quick action as shown below.

• Upon clicking "Reissue Certificate" a modal will appear with all the necessary information as shown below.

• To Reissue the certificate, the account user must provide a reason from the pre-defined options.

Certificate Signing Request (CSR)

• User can either upload the CSR file or paste the CSR or can choose to Skip the CSR as shown below.

• Upon clicking on the "Request reissue" button, the system will generate a re-issuance order ID. All re-issued certificates can be tracked as shown below.

What's Next?

Certificate requester / Organization representative will be notified with-

1. An order confirmation email

2. All the order related communications

3. Required actions specific to the product

This page is used to create and manage CSR (Certificate Signing Request) templates. Enter the required details like signature algorithms and key sizes and configure the subject DN details to simplify the CSR generation process for your organization.

Create CSR Templates

Step 1:

• To create custom CSR template, unique Template name to be provided.

• The Signature Algorithm, Key Algorithm, Key Size to be selected from the dropdown list.

Step 2:

• In Subject DN details, select the desired field to be added to the CSR. If any new field to be added other than the ones displayed administrators can click on "(+)" button to add new custom field.

Step 3:

• Subject Alternative Name can be selected by selecting the checkbox and click on Save button.

Step 4:

• After CSR template is created, it is listed with status as Active.

Edit CSR templates

• Under Actions tab, click on the Edit Template icon, the page will be redirected to Update CSR Template page.

• Edit the fields and click on Update button. The changes made will be updated successfully.

Clone CSR templates

• Under Actions tab, click on the Clone Template icon, the page will be redirected to Clone CSR Template page.

• Enter the new Unique name and click on Clone button. The template will be cloned successfully.

Disable CSR templates

• Under Actions tab, click on the Disable Template icon, confirmation popup is opened.

• Click on Yes button, the template will be disabled successfully.

Delete CSR templates

• Under Actions tab, click on the Delete Template icon, confirmation popup is opened.

• Click on Yes button, the template will be deleted successfully.

Templates are predefined structures or configurations used for simplifying processes such as generating certificates, configuring servers, or automating SSL/TLS settings.

This page is used to create configuration templates for certificates. These templates define the necessary attributes and settings for certificate generation, such as the CSR template, key pair types, and deployment methods.

Create provisioning templates

Step 1:

• In Certificate Information tab, enter the unique Template Name.

• Select the Origin of the Certificate configuration from the dropdown menu.

• Select the CSR template from the dropdown menu. If CSR template is not created, click here to view on how to create a custom CSR template.

• By default, the Default Template is set as Yes.

Step 2:

· Select the Key Pair Type. If New is selected, new key is generated.

· If Key Pair Type is selected as Existing, previously created keys are listed for user to select.

· If Key Store Password Type is selected as Random, a random system generated password is created which can be viewed later. If Manual is selected, the user can provide any desired password.

· In CA Type tab, select the CA and CA Connector name and click on Save button.

Step 3:

· Select the CA from the dropdown menu.

· Select the CA Connector Name from the dropdown menu and click on Save button.

Step 4:

· After Provisioning template is created, it is listed with status as Active.

Edit provisioning templates

· Under Actions tab, click on the Edit Template icon, the page will be redirected to Update Provisioning Template page.

· Edit the fields and click on Update button. The changes made will be updated successfully.

Clone provisioning templates

· Under Actions tab, click on the Clone Template icon, the page will be redirected to Clone Provisioning Template page.

· Enter the new Unique name and click on Save button. The template will be cloned successfully.

Disable provisioning templates

· Under Actions tab, click on the Disable Template icon, confirmation popup is opened.

· Click on Yes button, the template will be disabled successfully.

Delete provisioning templates

· Under Actions tab, click on the Delete Template icon, confirmation popup is opened.

· Click on Yes button, the template will be deleted successfully.

Organizations Management Overview

The Organizations Management section serves as the central hub for monitoring, managing, and maintaining information related to all organizations created within the system. It not only lists organizations with their statuses but also provides tools to update information, track key representatives, and manage approval workflows such as Extended Validation (EV) requests.

This section ensures seamless governance by enabling administrators to keep organization records accurate and updated, making it easier to oversee operations and compliance.

Features and Functionalities of Organizations Management

Comprehensive Organization Listing

All organizations created in the system are presented in a consolidated list.

Each entry displays:

• Organization Name

• Unique Identifier (if applicable)

• Status of the Organization (e.g., Active, Pending, or Suspended)

• Date of Creation/Last Updated

This overview allows users to quickly monitor the state of all organizations and take necessary actions.

Manage Organization Information

Select any organization from the list to edit or update key information, including:

• Name, Address, and Legal Information

• Contact Details

• Organization Validity or Renewal Dates

• Status Management: Administrators can activate, deactivate, or suspend organizations based on compliance requirements or internal policies.

Keeping this information accurate ensures compliance with security and operational protocols.

Organization Representative Management

Each organization must designate primary and alternate representatives.

• These representatives are responsible for interacting with the system and making formal requests (like certificate orders or EV validations).

The Organization Representative Information section displays:

• Name, Role, and Contact Information of the representatives

• Access levels or permissions granted to them

• Ability to edit or replace representatives when necessary

Ensuring correct representative information guarantees smooth communication and process flows with the organization.

Extended Validation (EV) Request Approvals

Track and manage EV certificate requests for the selected organization.

• EV certificates are used to establish higher trust levels, especially in public-facing applications.

Admins can:

• Approve, Reject, or Request Modifications to EV requests.

• Track the status of each EV request (e.g., Pending, Approved, Rejected).

• Ensure audit logs are maintained for each approval or rejection for future reference and compliance.

This feature helps administrators enforce rigorous security practices for organizations requiring enhanced validation processes.

Advanced Actions for Administrators:

Export Organization Data:

• Export the list of organizations along with their details for reporting or compliance purposes.

Set Up Alerts and Notifications:

• Configure alerts to receive notifications on status changes or upcoming renewals.

• Automate notifications for EV request status updates to stay informed in real time.

Audit Trail:

• Access a history of changes and approvals for each organization to ensure accountability and transparency.

• Log all modifications to representative information and EV requests for compliance auditing.

OV Prevetting

This helps enterprises to re-use organization details in the ordering form and quickly get the OV certificates with minimum verification requirements and customer pending actions.

Navigate to Organizations > Add Organization

• Enter the required Organization Information

• Enter the Organization Representative Information

• Upload the Organization Registration Documents and click on Submit for Validation

The organization details verification will be pending with validation for OV. For details on OV validation process, click here.

The Organization details are verified by the eMudhra validation team and approved.

After the Organization verification, the Organization information can be re-used to order the certificate reverification of the organization details.

Note: The OV Organization details is also verified while ordering a OV certificate. For details on ordering a OV certificate, please click here. The same organization details can be re-used for the subsequent OV orders.

EV Prevetting

Navigate to New Certificate > SSL/TLS Certificates > EV certificate

For EV Organizations, user must verify the organization by ordering any EV certificate. For details on ordering a EV certificate, click here.

The EV Organization details are verified by the eMudhra validation team and approved.

In the Organizations page, the organization details verification will be pending with validation for as EV & OV.

The same EV Organization details can be re-used for ordering a new EV or OV certificate as a pre-vetted organization.

Note: Exclusive EV prevetting of organization is not available.

The “Renew Certificate” button will be available 60 days before the certificate expiry.

• To renew certificate, Navigate to the order, Certificates > Orders > View order page.

• Click "Renew Certificate" button and the system will navigate to the New Request page to initiate the renewal process.

• To initiate Add/remove SANs, Navigate to the order Certificates > Orders > View order page > Add/Remove SANs.

• The downloaded certificates can have SANs added or removed by clicking the"Add / Remove SANs" button available under Order Quick Action as shown below.

• Clicking "Add/Remove SANs" will display a modal with all the necessary information as shown below.

• To add (or) remove the SANs, the account user must select a reason from the pre-defined options.

Add / Remove SANs

• This allows the account user to add (or) remove the SANs. Please note that no refunds will be issued for removal of SANs.

For any additional SANs, a “Calculate Price” field will be displayed. Upon clicking this button, "Payment Information" section will appear.

Clicking the "Request reissue" button will generate a reissuance order ID, All the re-issued certificates can be tracked as shown below.

This option is applicable only for UCC & Multi-domain products

What's Next?

Certificate requester / Organization representative will be notified with

1. An order confirmation email.

2. All order related communications.

3. Required actions specific to the product

To create a new custom private product, go to Certificates> Products. By default, both public & private tabs will be displayed.

• Private: Displays a list of default private PKI products along with private products created by the account user.

• Public: Displays all the default emSign public products mapped to the account.

Note: Account users won’t have a provision to add the new public product.

Creating a New Private PKI Product

Click the "Create product (+)" button located on the right below screen.

Enter product details

• Product Name: Provide a unique name for the product.

• Validity: Define the product validity period.

• Select Subordinate CA: Choose from the list of available end-entity private CAs.

• Certificate Profile: By default, the custom type will be displayed.

• Certificate Template:

  • Choose from one of the following templates:

    • Client TLS

    • Mutual TLS

    • Server TLS

    • Email Protection

Depending on the selected template, a predefined setup profile will appear.

Configure Certificate Details

• Subject Attributes: Provide the necessary subject attributes.

• Subject Alternative Name (SAN) Attributes: Add relevant SAN attributes.

• CA Extensions: Mark the required CA extensions for the certificate.

Advanced Settings

Automatically Approve the Certificates

• Enabled No administrator intervention is required for order approval as it will be fully automated. Upon placing the order, the system will generate an Order ID automatically.

• Disabled: Administrator approval is required before the order is processed.

• Specify Validation Checklist: The validation checklist configured here will appear under New Request > Order Summary & Payment section for administrator review. Additionally, the account user can specify the conditions & presence to tailor the checklist for order approval.

• Once all product details are filled, click the "Create" button to proceed.

Important Notes:

Dynamic vs Fixed fields:

• Dynamic field restriction: Values for Subject Attributes and Subject Alternative Name (SAN) Attributes can be provided later at the New Request level.

• Fixed Field restriction: Values must be defined during product creation and will remain consistent across all orders using this product.

What's Next?

Once the product is successfully created, it will become available under New Request> Products. Users can select this product to place orders.

Users can view or edit existing requests on the Orders page. By default, the last 10 request/orders are displayed, as shown below.

By clicking 'Advanced Search,' the account user can further filter requests using criteria such as:

• Date Range

• Domain Name

• Organization Name

• Product

• Other available details

Approve Sub Account Certificate Request

Navigate to the Certificates > Orders. Open the order with the status "Order pending for parent approval".

• Click the "View" button on the orders page to verify all relevant information related to the certificate orders

• After verifying the details, click the “Approve” button.

• Upon clicking "Approve", the system will navigate to New Request > Order Summary & Payment Page.

• Click "Pay now" to complete the payment. The will be deducted from the main user account balance within the default group.

• Once payment is completed, the system will redirect to the orders page displaying all the necessary information and its associated Order.

What's Next?

Upon successful order placement, the certificate requester / Organization representative will receive an Order Confirmation email.

The email will include a link to the Track Orders page, where users can monitor the certificate verification process.

Save as Draft Request

• Upon clicking the "Save" button on the Order Summary & Payment page, the request will appear on, the Orders page with the status "On Hold".

• If the status is "On Hold", it can either be processed /rejected from Oorders view page as shown below.

• Rejecting the Request: Click the "Reject" button and enter the reason for rejection in the provided field and click “Reject” to finalize the action.

Payment:

• Click the "Proceed to Pay" button to navigate back to the Order Summary & Payment Page. The account user, must click "Pay now" button to submit the request and generate the Order ID.

• Once the payment is successful, the system redirects to the Orders Page, displaying all relevant order details.

• The associated Order Actions and Quick Actions will also be available for further processing as shown below.

Order Status  and Corresponding situations

Order pending for parent approval & On Hold

Explained above as part of approve sub account certificate request & On Hold status.

Order Accepted

• This status will be displayed once the order is placed by an account user.

Order in progress

• This status will be displayed when the order is in progress (i.e., Any of the action completed either from customer (or) eMudhra.

Order Fulfilled

• This status will be once the certificate request is approved by eMudhra.

Order Cancelled

• This status will be displayed when an account user cancels the certificate request.

Order Rejected

• This status will be displayed when customer rejects the certificate request.

Sharing Order Status

• Navigate to: Certificates> Orders> View Order page and Click on "Track Order" to open a modal, as shown below.

Ways to track the order:

You can track the order status using either of the following options:

• Open URL: Click "Open URL" to open the track order page in a separate window, displaying the product verification process.

• Share URL: Click "Share URL" to send the order tracking link to the Certificate Requester/Organization Representative.

Cancel A Pending Certificate Order

• Navigate to the Order Page:

• Go to Certificates > Orders > View Order page.

Initiate Order Cancellation:

• Click on the Cancel Order button under the order actions.

• A confirmation modal will appear as shown below.

Provide Cancellation Remarks:

• Enter the reason for cancellation in the Cancellation Remarks field.

• Click on Cancel Order to confirm.

What's Next?

Upon order cancellation, the certificate request will no longer be processed. Account user will receive a refund for the cancelled order. They can go back to the Order View page to download a credit not associated with the cancelled order if they desire.

The Domains Management section is designed to provide a centralized platform for managing all domains, monitoring their status, and handling Domain Control Validation (DCV) processes to ensure streamlined and secure domain verification.

Benefits of Domains Management

Enhanced Control and Visibility:

• Enhanced Control and Visibility:

  • Users gain a single platform to view and manage all domains, improving efficiency and reducing the risk of lapses in domain verification or expiration.

• Streamlined Verification Process:

  • The ability to adjust DCV methods and track status simplifies the management of compliance requirements and keeps domains secure.

• Secure Domain Addition:

  • Adding new domains with ownership verification helps maintain the security of the domain portfolio and prevents unauthorized additions.

  • By centralizing these functions, the Domains Management section helps organizations maintain a secure, organized, and fully validated domain portfolio, crucial for digital security and operational efficiency.

Manage and View Domain Information

• Detailed Domain Information:

  • For each domain, users can access detailed information, including domain name, creation date, verification details, and ownership records. This allows users to have complete visibility over each domain’s setup and history.

• Editing Domain Information:

  • Users can modify or update domain-related details directly from this section, ensuring that the information is always current and accurate. This is particularly useful when domain ownership changes or updates are needed for compliance or business requirements.

Domain Control Validation (DCV) management

• Flexible DCV Method Changes:

  • The Domain Control Validation (DCV) method can be altered if a different verification method is preferred or required. Users can select from multiple DCV methods such as Email, DNS, or HTTP, depending on what best suits the domain and organization’s needs.

• Sending for Approval:

  • Once the DCV method is chosen, users can initiate the approval process. This is essential for completing the domain verification process and is done with a single click, streamlining the workflow.

• Tracking DCV Status and Expiry Date:

  • For each domain, the DCV status (e.g., Pending, Approved, Rejected) and Expiry Date of the validation are prominently displayed. This allows users to stay informed on when validations need renewal and if any issues arise in the approval process, they can be addressed promptly.

Adding a New Domain

• Creating and Verifying New Domains:

New domains can be added through this feature, where they undergo a verification process to confirm domain ownership. This includes setting up the domain’s information and initiating the DCV process to ensure the domain is validated correctly.

• Domain Ownership Verification:

  • As part of the new domain creation, verification is conducted to confirm that the domain belongs to the requesting organization. This security step prevents unauthorized domain additions and enhances trust. To Know more about DCV method, click here.

• DCV Method Overview:

  • To understand the available DCV methods, users can click on the provided link, which explains the options (Email, DNS, or HTTP) and their specific requirements. This resource ensures that users select the most suitable DCV method for their needs.

Domain List and Status Overview

• Comprehensive Domain Listing:

  • All domains that have been created are listed here in an organized format, allowing users to view and access each domain quickly. This includes both active and inactive domains.

• Status Indicators:

  • Each domain displays a status indicator (e.g., Verified, Pending, Expired), providing users with an instant overview of the verification and operational state of each domain. This feature helps in identifying any domains that may need immediate attention for renewal or verification.

Manage and View Domain Information

• Detailed Domain Information:

  • For each domain, users can access detailed information, including domain name, creation date, verification details, and ownership records. This allows users to have complete visibility over each domain’s setup and history.

• Editing Domain Information:

  • Users can modify or update domain-related details directly from this section, ensuring that the information is always current and accurate. This is particularly useful when domain ownership changes or updates are needed for compliance or business requirements.

Domain Control Validation (DCV) management

• Flexible DCV Method Changes:

  • The Domain Control Validation (DCV) method can be altered if a different verification method is preferred or required. Users can select from multiple DCV methods such as Email, DNS, or HTTP, depending on what best suits the domain and organization’s needs.

• Sending for Approval:

  • Once the DCV method is chosen, users can initiate the approval process. This is essential for completing the domain verification process and is done with a single click, streamlining the workflow.

• Tracking DCV Status and Expiry Date:

  • For each domain, the DCV status (e.g., Pending, Approved, Rejected) and Expiry Date of the validation are prominently displayed. This allows users to stay informed on when validations need renewal and if any issues arise in the approval process, they can be addressed promptly.

Adding a New Domain

• Creating and Verifying New Domains:

New domains can be added through this feature, where they undergo a verification process to confirm domain ownership. This includes setting up the domain’s information and initiating the DCV process to ensure the domain is validated correctly.

• Domain Ownership Verification:

  • As part of the new domain creation, verification is conducted to confirm that the domain belongs to the requesting organization. This security step prevents unauthorized domain additions and enhances trust. To Know more about DCV method, click here.

• DCV Method Overview:

  • To understand the available DCV methods, users can click on the provided link, which explains the options (Email, DNS, or HTTP) and their specific requirements. This resource ensures that users select the most suitable DCV method for their needs.