Enrol with the DCS certificate authority
You must enrol with the DCS certificate authority (CA) before you can raise certificate signing requests (CSRs).
You will need to sign your contract for the DCS pilot before you will be allowed to enrol with the CA. Contact DCS support if you need help with your contract.
To help you enrol, the DCS CA needs contact information for certain people within your organisation.
- Provide details for a lead contact.
- Understand the roles and responsibilities of certificate management.
- Provide details for your certificate requesters and approvers.
- Provide details for a group inbox.
Provide details for a lead contact
You need to provide contact details for a lead contact within your organisation.
This person needs to be in a relatively senior role, for example, a service manager or programme lead.
The lead contact will need to send an email to idappki@digital.cabinet-office.gov.uk confirming their:
- first name
- last name
- email address
- telephone number
Understand the roles and responsibilities of certificate management
Once you have provided contact details for a lead contact, the DCS CA will send some documents to the lead contact. These documents outline the responsibilities of certificate management, for example, raising certificate signing requests and certificate compliance.
Provide details for your certificate requesters and approvers
Once the DCS CA has the lead contact’s details, the DCS CA will ask the lead contact to choose at least 2 people for each of the following roles:
- certificate requesters - the people who will raise your CSRs (for security reasons, you should keep the number of requesters to a minimum)
- approvers - the people who will approve your CSRs (approvers must be in a senior role within your organisation, for example, a project manager with responsibility for security)
Certificate requesters and approvers must be different people.
The lead contact will need to send an email to idappki@digital.cabinet-office.gov.uk confirming the requesters’ and approvers’:
- first names
- last names
- email addresses
- telephone numbers
Make sure the requesters know who the approvers are, and the approvers know who the requesters are.
Confirming your certificate requesters and approvers
After the lead contact sends the contact details for the certificate requesters and approvers, the DCS CA performs 2 checks.
- The DCS CA rings the approvers on the approvers’ registered phone numbers and asks the approvers to confirm who the requesters are.
- The DCS CA rings the certificate requesters on the certificate requesters’ registered phone numbers and asks the requesters to confirm who the approvers are.
Once the DCS CA has confirmation from the certificate requesters and approvers, they will add these details to their list of approved requesters and approvers.
If the DCS CA receives a certificate signing request from someone who is not an approved requester, the DCS CA will not issue a certificate.
Provide details for a group inbox
Setting up a group inbox is optional but will help make sure you receive your certificates and renewal notices if your requesters or approvers are not available.
If you set up a group inbox, the lead contact should send an email to idappki@digital.cabinet-office.gov.uk confirming the group inbox address.