In this step, we create a Certificate Profile for the SubCAs in (Node B). These SubCAs are created in another EJBCA Hardware Appliance (Node A). This profile is used when the RootCA signs the SubCA’s certificate.
- Open EJBCA Enterprise.
- In the sidebar, in the CA Functions section, select Certificate Profiles.
For the SUBCA profile click Clone:
- Set Name of new certificate profile to SubCACertificateProfile.
Click Create from template.
In the List of Certificate Profiles click Edit for SubCACertificateProfile:
In the Edit form, make the following settings:
- Available bit lengths: Select 4096 only
- Validity or end date of the certificate: Set to 5y
- Path Length Constraint: Enable and set Value to 0
- Key Usage: Enable Key certificate sign and CRL sign.
- Available CAs (in section Other data): Select RootCA
- Click Save to proceed.