After configuring CAs and profiles you can proceed with adding end entities that will use those SubCAs.
In a first step, end entities will be created with the values that are required depending on the End Entity Pofile. In a next step, you will go through the steps to Create Browser Certificate or to Create Keystore.

The following sections describe the actions you have to perform.


Create an End Entity that will use SSLCA in Node A

This section describes the creation of the end entities that will use SSLCA.

  1. Open the EJBCA Administration.
  2. In the sidebar, in the RA Functions section, select Add End Entity.

  3. The EJBCA Enterprise opens a form: Add End Entity.
    There are some default settings in the various sections. We will not go into all entries, but only those where changes are required. For more information about the form, refer to Certificate Profiles Overview:

    • End Entity Profile: Select SSLCAEndEntityProfile
    • Username: Enter testsrv.course
    • Password: Enter foo123
    • Confirm Password: Enter foo123

      Subject DN Attributes:
    • CN, Common name: Enter testsrv.course



      Main Certificate Data:
    • Certificate Profile: Select SSLCAEndEntityCertificateProfile
    • CA: Select SSLCA

    • Token: Select P12 file

    • Select Add.


    • Open the RA Web GUI.
    • From the top menu click the drop-down menu for Enroll.
    • Select Use Username from the drop down menu. Make the following entries:




    • Username: enter testsrv.course
    • Enrollment code: enter foo123
    • Click Check to continue.





    • For Key algorithm select RSA 2048 bits.
    • Click Download PKCS#12 to continue.





Create an End Entity that will use AuthCA in Node A

This section describes the creation of the end entities that will use AuthCA.

  1. Open the RA Web GUI.
  2. From the top menu click the drop-down menu for Enroll.
  3. Select Make new Request from the drop down menu. Make the following entries:

    In the Make Request form

    • Certificate Type: select AuthCAEndEntityCertificateProfile from the drop down menu
    • Key-pair generation: check By the CA
    • select the Key algorithm: select from the drop down menu
      (we chose RSA 2048 bits)



    The section Provide request info opens:

    • CN, Common name: enter Auth User 1
    • Only the fields with * are required. You can click on Show more optional fields for more options.


    The section Provide User Credentials:

    • Username: enter Auth User 1
    • Enrollment code: enter foo123
    • Confirm enrollment code: enter foo123



    • At the end of the page click Download PKCS#12 to finish.


Create an End Entity that will use SignCA in Node A

This section describes the creation of the end entities that will use SignCA.

  1. Open EJBCA RA Web.
  2. From the top menu click the drop-down menu for Enroll.

  3. Select Make New Request from the drop down menu.





  4. Make the following entries in the Make Request form. The selection and entry fields are automatically expanded.
    Section Select Request Template:
    Certificate Type:     select SignCAEndEntityProfile from the drop-down menu.
    Key-pair generation:     make sure By the CA is activated.

  5. Section Select key algorithm:
    Use the drop down menu to select Key algorithm.



  6. Section Provide request info:
    Required Subject DN Attributes
    CN, Common Name    : enter Sign User 1
    This is the only entry required. You can expand the field for Show more optional fields.



  7. Section Provide User Credentials:
    Username    : enter Sign_User_1
    Enrollment code: enter foo123
    Confirm enrollment code    : enter foo123



  8. Section Confirm request:
    In this last field you can control your entries.
    At the end of the page click Download PKCS#12 to finish.