. To Organisation Assurance Handbook
How to delete an Organisation Account?
When the request for deletion of an Organisation Account (OAcc) reaches OA team/Support it need to be clarified if only the last Organisation Administrator (OrgAdmin) leaves the organisation or if the account should be closed completely (aka CCA-termination).
The last OrgAdmin leaves the organisation
The OAcc can be left orphaned until a new OrgAdmin is nominated.
The steps 1-4 needs to be followed.
- The Organisation Account shall be deleted
- All steps need to be followed.
OA part
Removal of last Organisation Administrator
1. The last OrgAdmin is asked to revoke all existing org client and org server certificates
Dear <Username>, CAcert reached the request that you want to be deleted as Organisation Adminstrator for the organisation <organisation name>. Please confirm this request with your primary email address of your CAcert account and sign it with your CARS statement. [1] As you are the last remaining Organisation Adminsitrator you need to do some actions before you can be removed from the organisation account. Please revoke ALL organisation client certificates and ALL organisation server certificates. Please reply to this mail when you revoked organisation certifictes. After a retention time of three months you will be removed as Organisation Administrator from the organisation acccount of <organisation name>. This retention time is given by arbitration ruling. [2] [1] http://wiki.cacert.org/CARS [2] http://wiki.cacert.org/Arbitrations/Training/Lesson20#CCATermCalc BR
2. OA asks Support to verify that all organisation certificates are revoked
Hi support, in the course of a the removal of a last Organisation Admistrator from the organisation account of <organisation name> coming from the ticket <Ticket No> I need your help. Please give me the information about the organisation client and server certificates visible in the account of <Username>, <Primary email address>. BR
3. OA informs Organisation Adminsitrator and Organisation account contact about the retention time
Dear <usernames>, the removal of <username> as Organisation Administrator for the organisation account of <organisation name> will be done after the <yyyy-mm-dd> which is 3 month after the last exipring date of any organisation certifictaes. BR
4. After the retention time OA removes the OrgAdmin from the account and informs the OrgAdmin and the account contact.
Dear <usernames>, you have been removed as Organisation Administrator for the organisation account of <organisation name>. BR
Removal of Organisation Account
5. After the retention time an OA removes the domains from the organisation account.
6. OA deletes the Organisation Account and informs the account contact about the last step of the removal
Dear <usernames>, the organisation account of <organisation name> is now finaly removed. BR
7. OA adds the ticket number to the precedent case aXXXX to record the deletion of the account.
Support part
Hi, here is the requested information about the organisation certificate status in the account of <Username>, <Primary email address>: Certificates Cert Type: Total Valid Expired Revoked Latest Expire Org Server: x x x yyyy-mm-dd yyyy-mm-dd Org Client: y y y yyyy-mm-dd yyyy-mm-dd BR
Related documentents
https://wiki.cacert.org/Arbitrations/a20120121.1
Hints / Ideas
What is visible in the cerificates overview of an OrgAdmin if the OrgAdmin is nominated as OrgAdmin for 2 organisations?
step 1: instruct Org-Admin to remove all org related certs (no info yet, that he is also org-admin for another org) step 2: request to support, to send the org certs overview as seen in admin console list still shows active certs (Org-Admin cannot be removed, so we are save at this step)
step 3: question by OA to Org-Admin, if he did revoked all certs for the organisation in question, and if he is org-admin for another domain? if yes, Org-admin shall report, how many active Org client certs, and how many active server certs he has in the other Organisation
step 4: compare results given by answer from support (step 2) and the answers given by Org-Admin in step 3
i.e. Org A: Org-Admin removal request, 5 revoked Org client certs, 2 revoked Org server certs Org B: addtl. org where Org-admin works for: 7 active Org client certs, 3 active Org server certs
Summary from Support: 7 active/12 revoked Org client certs, 3 active/5 revoked Org server certs from Org-Admin: 7 active Org client certs on Org B, 3 active Org server certs on Org B
so the revoked ones fits into the report from Support
Suggestion: Create a view about the certificate status for the organisation account visible for all OrgAdmin and OA (INOPIAE 2012-05-04)
2012-05-05 UlrichSchroeter
this is subject to a new software bug one potential solution: enhance the Organisation Overview page with a link https://cacert1.it-sls.de/account.php?id=25 Organisation Domains Admins Edit CertsStat Delete Wiamail, DE Domains (2) Admins (2) Edit CertsStat Delete ^^^^^^^^^ and recycle the show Org client certs, show Org server certs status routine of an Organisation from the Support-Engineer console (43.php) to a subpage: Certificates Cert Type: Total Valid Expired Revoked Latest Expire Server: 1 1 0 0 2013-04-30 Client: 3 3 0 0 2013-04-30 GPG: None > Org Server: 2 1 0 1 2013-04-30 > Org Client: 17 10 7 2 2012-10-03 by removing the Server, Client and GPG part Org-Admins can view Org Client and Org Server certs through their Org Client certs - view https://cacert1.it-sls.de/account.php?id=18 and Org Server certs - view https://cacert1.it-sls.de/account.php?id=22