Step 2: Create Certificate Profile for SubCAs

In this step we will create a Certificate Profile for SubCAs which will be created in another EJBCA Hardware Appliance. This profile will be used when RootCA will sign SubCA’s certificate.

  1. Navigate to Administration pages.
  2. Click Certificate Profiles in the section CA Functions.
  3. For the SUBCA profile click Clone:

    Clone SUBCA
  4. Set Name of new certificate profile to SubCACertificateProfile.
  5. Click Create from template:

    Create from template
  6.  In the List of Certificate Profiles click Edit for SubCACertificateProfile:

    Edit Certificate Profile
  7. In the Edit form, make the following settings:

    • Available bit lengths: Set to 409
    • Validity(*y*mo*d) or end date of the certificate: Set to 5y
    • Path Length Constraint: Enable and set Value to 0
    • Key Usage: Enable Key certificate sign and CRL sign.
    • Available CAs (in section Other data): Select RootCA
  8. Click Save.