It is advisable that the person designated as head of the service has an administrative profile, but there is no problem with a higher profile assuming this role, as long as they can personally carry out the functions that are specific to them.
The main tasks of the service manager are detailed below:
The subscriber folder is the space that the AOC Consortium makes available to users of the certification service so that they can quickly and conveniently access the main procedures related to certificates.
From this application, as the person responsible for the service, you must confirm the receipt of the T-CAT cards, record their delivery to the respective holders and have them previously sign the associated documentation, as well as finalize the generation of the device certificates by delivering and downloading them.
To access, enter your T-CAT employee card number in the reader and access the subscriber folder . A drop-down menu will then appear to select your T-CAT and enter the PIN .
Once you have identified yourself, you will automatically enter the application.
From the subscriber folder you can search for the certificates issued by the organization. Once you have accessed the application, go to the “ Issued certificates ” section:
Next, the list of certificates will be displayed, these can be in valid, revoked, expired or suspended status. If you want to search for a specific certificate you can use the filter shown below and access all its data and history:
Once the digital certificates have been requested through EACAT and your Registration Entity T-CAT has managed it, as the person responsible for the service you can view the ongoing certificate requests and their status in the “ Request status ” section of the subscriber folder .
To have more details about the request, you can hover over the status icon or also access more detailed information.
In the event that a request does not appear in this section , verify that it has been registered in EACAT (in your organization's exit register) or that you, as the person responsible for the service, have not received an email informing you of the denial of the certificate request due to an error.
To be able to deliver the PIN and PUK codes for a new certificate, access the subscriber's folder in the “ Pending to be delivered ” section.
To search for the certificate you want to deliver, you can search with the magnifying glass located in the upper right or by expanding the number of records per page:
Once you have found the certificate, download the associated documentation found in the " Actions " column and have the holder sign it:
Note: The subscribing body must retain this documentation for a period of 15 years from the expiry of the certificate.
Once the holder has signed the documentation, to deliver the PIN and PUK codes, click on the envelope icon located in the " Actions " column.
The following screen will then open where the certificate data is displayed and click on the Deliver PinPuk button:
The application will request your signature as a certificate operator accepting the delivery conditions of the service manager, once read press the " Accept " button.
Finally, a screen is displayed confirming the sending of the PIN and PUK codes to the certificate holder's email and it disappears from the list of certificates pending delivery.
To recover the PIN and PUK codes of a T-CAT card, access the subscriber's folder and go to the " Delivered " section.
Find the certificate in question and select the envelope icon located in the " Actions " column :
The following screen will then open showing the certificate details. To retrieve the PIN and PUK codes , click the Release PinPuk button:
The application will request your signature as a certificate operator accepting the delivery conditions of the service manager. Once read, press the " Accept " button.
Once this is done, a screen is displayed confirming the sending of the PIN and PUK codes to the certificate holder's email.
The certificate holder himself can also recover the PIN and PUK codes of his certificate on card.
Important: The certificate holder must be present to be able to indicate the password necessary for the subsequent download of the certificate.
To be able to deliver a T-CAT P you have 30 calendar days from the date the certificate is pending delivery. As the person responsible for the service, you must access the subscriber's folder in the section " Pending delivery ":
To search for the certificate you want to deliver, you can search with the magnifying glass located in the upper right or by expanding the number of records per page:
Once the certificate has been located, download the associated documentation found in the " Actions " column and have the holder sign it:
Once the documentation has been downloaded and signed by the holder, the padlock icon will be activated in the "Actions" column to create the password. Press the padlock icon:
On the screen that appears, the holder must enter the personal password that will be used to download the T-CAT P later:
In this field, neither copying nor pasting the password is allowed.
Once the password has been entered, the envelope icon will be activated in the "Actions" column, which will allow the download email to be sent to the certificate holder. Press the envelope icon.
The following screen will then open showing the certificate details. To deliver the T-CAT P click on " Deliver email "
The application will request your signature as a certificate operator accepting the delivery conditions of the service manager. Once read, press the " Accept " button.
Once this is done, a screen is displayed confirming that the delivery has been made and the certificate will appear in "Delivered".
Important: From this moment on, the holder has 10 days to download the certificate. If they do not download it within this period, it will be automatically revoked.
Application certificates:
To be able to deliver an application certificate, access the subscriber's folder in the " Pending to be delivered " section:
To search for the certificate you want to deliver, you can search using the magnifying glass located at the top right or by expanding the number of records per page:
Once you have located the certificate, download the delivery sheet from the " Actions " column (if you do not download the delivery sheet the tool will not allow you to download the certificate)
If you have already downloaded the delivery sheet, press the download icon
The following screen will then open showing the certificate details. To download the certificate, select the " Send email and download" button.
The application will request your signature as a certificate operator and show you the details of the certificate that will be generated next.
If your computer asks you if you want to open or save the file, it is very important to click “SAVE” at the time of download. When saving, the certificate will be saved in .p12 or .pfx format in the folder defined for downloads on the computer where the entire process was carried out.
Once saved, the certificate will be downloaded and will appear in "Delivered".
Once any type of certificate has been delivered or downloaded through the subscriber folder, the person responsible for the service has the possibility of downloading only the public key.
The public key is used to consult the data contained in the certificate, as well as to authorize the use of the certificate by third-party applications.
Below is more information on how to download the public key of a certificate from the subscriber's folder.