Step 10: Create End Entities that use the SubCAs

After configuring CAs and profiles you can proceed with adding end entities that will use those SubCAs.
In a first step, end entities will be created with the values that are required depending on the End Entity Pofile. In a next step, you will go through the steps to Create Browser Certificate or to Create Keystore.

The following sections describe the actions you have to perform.

Create an End Entity that will use SSLCA

This section describes the creation of the end entities that will use SSLCA.

  1. Open RA Functions > Add End Entity.
  2. In the Add End Entity form enter the following values:

    • End Entity Profile: Select SSLCAEndEntityProfile
    • Username: Enter testsrv.course
    • Password: Enter foo123
    • Confirm Password: Enter foo123
    • CN, Common name: Enter testsrv.course
    • DNS Name: Enter testsrv.course
    • Certificate Profile: Select SSLCAEndEntityCertificateProfile
    • CA: Select SSLCA
    • Token: Select P12 file
  3. Click Add:

    Create End Entity for SSLCA
  4. Navigate to Public Web
  5. Open Enroll > Create Browser Certificate and enter the following credentials:

    • Username: Enter testsrv.course
    • Password: Enter foo123
  6. Click OK:

    Keystore Enrollment for testsrv.course
  7. For Key length select 2048 bits.

  8. Click Enroll:

    Enrollment for testsrv.course
  9. Save the testsrv.course.p12 keystore:

    Save testsrv.course.p12 file

Create an End Entity that will use AuthCA

This section describes the creation of the end entities that will use AuthCA.

  1. Open RA Functions > Add End Entity.
  2. In the Add End Entity form enter the following values:

    • End Entity Profile: Select AuthCAEndEntityProfile
    • Username: Enter Auth_User_1
    • Password: Enter foo123
    • Confirm Password: Enter foo123
    • CN, Common name: Enter Auth User 1
    • Certificate Profile:  Select AuthCAEndEntityCertificateProfile
    • CA: Select AuthCA
    • Token: Select P12 file
  3. Click  Add:

    Create End Entity for AuthCA


  4. Navigate to Public Web.

  5. Open Enroll > Create Keystore and enter the following credentials:

    • Username: Enter Auth_User_1
    • Password: Enter foo123
  6. Click OK:

    Browser Certificate for Auth_User_1
  7. For Key length select 2048 bits.

  8. For Certificate Profile select AuthCAEndEntityCertificateProfile.

  9. Click Enroll.

Create an End Entity that will use SignCA

This section describes the creation of the end entities that will use SignCA.

  1. Open RA Functions > Add End Entity.
  2. In the Add end entity form enter the following values:

    • End Entity Profile: Select SignCAEndEntityProfile
    • Username: Enter Sign_User_1
    • Password: Enter foo123
    • Confirm Password: Enter foo123
    • CN, Common name: Enter Sign User 1
    • Certificate Profile: Select SignCAEndEntityCertificateProfile
    • CA: Select SignCA
    • Token: Select User Generated
  3. Click Add.

  4. Navigate to Public Web

  5. Open Enroll > Create Browser Certificate and enter the following credentials:

    • Username: Enter Sign_User_1
    • Password: Enter foo123
  6. Click OK

  7. For Key length select 2048 bits

  8. For Certificate Profile select SignCAEndEntityCertificateProfile

  9. Click Enroll.