Step 8: Create Certificate Profiles for End Entities that use the SubCAs

Certificate Profiles define different types of certificates, with regards to DN-contents, extensions etc.
Create Certificate Profiles for the End Entities that will use the SubCAs (SignCA, AuthCA, SSLCA) you created in the previous steps.

The following sections describe the actions you have to perform.

Create Certificate Profile for End Entities that will use AuthCA

This section describes the creation of the Certificate Profile for the End Entities that will use AuthCA.

  1. Open CA Functions > Certificate Profiles.
  2. Enter AuthCAEndEntityCertificateProfile in the text field underneath the table.
  3. Click Add:

    Create Certificate Profile for AuthCA
  4. Make the following entries:

    • Type: Select End Entity
    • Available bit lengths: Select 2048 bits
    • Signature Algorithm: Select Inherit from issuing CA
    • Validity: Enter 730d

      Section 'Key usage'
    • Enable Digital Signature
    • Enable Key ecipherment

      Section 'Key usage'
    • Enable Use and select Client Authentication

      Section 'Other data'
    • Available CAs: Select AuthCA

    Certificate Profile Settings for AuthCA
  5. Click Save:

    Certificate Profile Settings for AuthCA 2

Create Certificate Profile for End Entities that will use SignCA

This section describes the creation of the Certificate Profile for the End Entities that will use SignCA

  1. Open CA Functions > Certificate Profiles.
  2. Enter SignCAEndEntityCertificateProfile in the text field underneath the table.
  3. Click Add:

    Create Certificate Profile for SignCA
  4. Make the following entries:

    • Type: Select End Entity
    • Available bit lengths: Select 2048 bits
    • Signature Algorithm: Select Inherit from issuing CA
    • Validity: Enter 730d

      Section 'Key Usage'
    • Enable Digital Signature
    • Enable Non-repudiation

      Section 'Extended Key Usage'
    • Disable Use

      Section 'Other data'
    • Available CAs: Select SignCA
  5. Click Save

    Certificate Profile Settings for SignCA cont


Create Certificate Profile for End Entities that will use SSLCA

This section describes the creation of the certificate profile for the end entities that will use SSLCA. For that purpose you will clone a template.

  1. Open CA Functions > Certificate Profiles.
  2. Click Clone for SERVER.
  3. In the field Name of the new certificate profile enter SSLCAEndEntityCertificateProfile.
  4. Click Create from template:

    Clone Certificate Profile for SSLCA
  5. In Certificate Profiles, click Edit for the newly created profile.
  6. Make the following entries:

    • Type: Select End Entity
    • Available bit lengths: Select 2048 bits
    • Signature Algorithm: Select Inherit from issuing CA
    • Validity: Enter 730d
    • Key Usage: Enable Digital Signature
    • Extended Usage: Select Server Authentication

      Section Other data
    • Available CAs: Select SSLCA
  7. Click Save:

    Certificate Profile X.509 extensions Settings for SSLCA