Audience: VeriPath operations staff. This guide covers the AES Portal admin functions at
aes.veripath.co.uk.Clinic staff do not need to access these functions — all prescribing activities happen within the GP Booking App.
The admin dashboard (/admin) provides an overview of system health:
Path: /admin/pharmacies
Pharmacies are pre-loaded from NHS data. The dashboard allows viewing and managing delivery details for existing pharmacies.
If a pharmacy is missing from the directory:
| Field | Description |
|---|---|
| Name | Pharmacy name (e.g. "Boots Pharmacy — Oxford St") |
| Address | Full postal address |
| ODS Code | NHS Organisation Data Service code |
| Contact Email | Primary contact email for delivery |
| Contact Phone | Contact telephone number |
| Delivery Endpoint | HTTPS URL for electronic prescription delivery |
| Active | Toggle to enable/disable this pharmacy in prescription forms |
Path: /admin/certificates
| State | Description |
|---|---|
| Active | Certificate issued and valid |
| Expiring | Within 30 days of expiry (renewal recommended) |
| Expired | Past validity date; cannot be used for signing |
| Revoked | Manually revoked; added to CRL |
Certificates are issued via the PKI API. See the Getting Started guide for the API call.
The dashboard shows all issued certificates and their status. To issue via the admin UI (if enabled):
get_full_name() in the GP Booking App exactly)id-kp-digitalSignatureCertificates should be renewed before expiry to avoid signing disruptions:
Revoke a certificate if:
The CRL is automatically embedded in all future PAdES-B-LTA signed documents.
Path: /admin/delivery
The delivery dashboard shows all dispatched prescriptions and their delivery status:
| Status | Description |
|---|---|
| Pending | Prescription signed and queued for delivery |
| Delivered | Successfully received by the pharmacy |
| Failed | Delivery unsuccessful after 3 retry attempts |
If a delivery has failed:
All transmission attempts are logged in the audit trail.
Path: /admin/audit
The audit log provides a tamper-evident, hash-chained record of all system events. The AES Portal maintains two audit files:
audit.jsonl — Human-readable event log (JSON lines, one event per line)audit_chain.jsonl — Hash-chained log where each entry contains prev_hash linking to the preceding entry, forming a verifiable SHA-256 chain| Event Type | Description |
|---|---|
prescription_signed |
A prescription was signed with full actor evidence (sub, acr, IP, UA) |
prescription_pdf_downloaded |
PDF download with chain-of-custody (actor, IP, User-Agent, PDF SHA-256) |
evidence_summary_downloaded |
Evidence Summary exported |
prescription_delivered |
Delivery confirmed by pharmacy |
delivery_failed |
Delivery permanently failed (with error reason) |
delivery_retry |
Manual retry triggered by admin |
system_startup |
AES Portal service started |
The dashboard displays the chain integrity status:
Chain verification runs automatically on page load.
The audit view supports:
All audit events include: