It is recommended that the person designated as responsible for the service has an administrative profile, but there is no problem in assuming a higher profile, as long as he can personally carry out the functions that are his own.
The main tasks of the service manager are detailed below:
The subscriber's folder is the space that the AOC Consortium makes available to users of the certification service so that they can quickly and conveniently access the main management related to certificates.
From this application, as the person in charge of the service, you must confirm receipt of the T-CAT cards, record their delivery to the respective holders and have them previously sign the associated documentation, as well as complete the generation of the device certificates through their delivery and unloading.
To access, enter your employee T-CAT on the card in the reader and access the subscriber's folder . Next, a drop-down will appear to select your T-CAT and enter the PIN .
Once you have identified you will automatically enter the application.
From the subscriber's folder you can search for certificates issued by the organization. Once you have accessed the application, go to the " Certificates issued " section:
Next, the list of certificates will be displayed, these can be in a valid, revoked, expired or suspended state. If you want to search for a specific certificate, you can use the filter shown below and access all its data and its history:
Once digital certificates have been requested through EACAT and handled by your T-CAT Registry Entity, as a service manager you can view ongoing certificate requests and their status in the " Request status " section of the subscriber's folder .
To have more details of the request, you can hover your mouse over the status icon or also access for more detailed information.
In the event that a request does not appear in this section , verify that it has been registered in EACAT (in the exit register of your organization) or that you have not received, as the person in charge of the service, an email informing of the denial of the application certificate request for some error.
To be able to deliver the PIN and PUK codes of a new certificate, access the subscriber's folder in the " Pending delivery " section.
To find the certificate you want to deliver, you can search with the magnifying glass located in the upper right or by expanding the number of records per page:
Once you have found the certificate, download the associated documentation found in the " Actions " column and have the holder sign it:
Note: The subscribing body must keep this documentation for a period of 15 years from the expiry of the certificate.
Once the holder has signed the documentation, to deliver the PIN and PUK codes click on the envelope icon located in the " Actions " column
Then the following screen will open showing the certificate details and click on the button Issue PinPuk .:
The application will ask for your signature as a certificate operator accepting the delivery conditions of the service manager, once read press the " Accept " button
Finally, a screen is displayed that confirms the sending of the PIN and PUK codes to the e-mail of the certificate holder and this disappears from the list of certificates pending delivery.
To recover the PIN and PUK codes of a T-CAT card access the subscriber's folder and go to the " Delivered " section.
Find the certificate in question and select the envelope icon located in the " Actions " column :
Then the following screen will open showing the certificate data. To retrieve your PIN and PUK codes , click the Deliver PinPuk button.:
The application will ask for your signature as a certificate operator accepting the terms of delivery of the service manager, once read press the " Accept " button.
Once this is done, a screen is displayed that confirms the sending of the PIN and PUK codes to the e-mail of the certificate holder.
The same certificate holder can also recover the PIN and PUK codes of their card certificate.
Important: The holder of the certificate must be present to be able to indicate the password required for the subsequent download of the certificate.
To deliver a T-CAT P you have 30 calendar days from when the certificate is pending delivery. As the person in charge of the service, you must access the subscriber's folder in the " Pending delivery " section:
To find the certificate you want to deliver, you can search with the magnifying glass located in the upper right or by expanding the number of records per page:
Once the certificate has been located , download the associated documentation found in the " Actions " column and have the holder sign it:
Once the documentation has been downloaded and signed by the holder, the padlock icon will be activated in the "Actions" column to create the password. Press the padlock icon and the owner will have to enter the personal password that will be used to download the T-CAT P later:
Once the password has been entered, the envelope icon will be activated in the "Actions" column which will allow the download email to be sent to the certificate holder. Press the envelope icon.
Then the following screen will open showing the certificate data. To deliver the T-CAT P click on " Deliver email "
The application will ask for your signature as a certificate operator accepting the terms of delivery of the service manager, once read press the " Accept " button.
Once this is done a screen is displayed confirming that the delivery has been made and the certificate will appear under 'Delivered'.
Important: From this moment, the holder has 10 days to download the certificate. If you do not download it within this period, it will be automatically revoked.
Application certificates:
To be able to deliver an application certificate, access the subscriber's folder in the " Pending delivery " section:
To find the certificate you want to deliver, you can search with the magnifying glass located in the upper right or by expanding the number of records per page:
Once you have located the certificate, download the delivery slip from the " Actions " column (if you do not download the delivery sheet the tool will not allow you to download the certificate)
If you have already downloaded the delivery sheet, click the download icon
Then the following screen will open showing the certificate data. To download the certificate select the " Send email and download" button
The application will ask for your signature as a certificate operator and show you the details of the certificate that will be generated next.
If the computer asks you if you want to open or save the file, it is very important to click "SAVE" at the time of download. When saving the certificate will be saved in .p12 or .pfx format in the folder defined by the downloads on the computer where the whole process was done.
Once saved, the certificate will already be downloaded and will appear under "Delivered".
Once any type of certificate has been delivered or downloaded through the subscriber folder, the person in charge of the service has the possibility to download only the public key.
The public key is used to consult the data contained in the certificate, as well as to authorize the use of the certificate by third-party applications.
Below is more information on how to download the public key of a certificate from the subscriber folder.