Step 8: Create Certificate Profiles for End Entities that use the SubCAs in Node A

Certificate Profiles define different types of certificates, with regards to DN-contents, extensions etc.
Create Certificate Profiles for the End Entities that will use the SubCAs (SignCA, AuthCA, SSLCA) you created in the previous steps.

The following sections describe the actions you have to perform.

Create Certificate Profile for End Entities that will use AuthCA in Node A

This section describes the creation of the Certificate Profile for the End Entities that will use AuthCA.

1. Open CA Functions > Certificate Profiles.
2. Enter AuthCAEndEntityCertificateProfile in the text field underneath the table.

3. Click Add:
   
   

4. AuthCAEndEntityCertificateProfile  is now listed in the List of Certificate Profiles. Search the entry and click Edit.

5. The Edit window for AuthCAEndEntityCertificate Profile opens. Only the required entries are highlighted. All other settings can be applied. Make the following entries:

   • Type: Select End Entity
   • Available Key Algorithms:
     
   • Available ECDSA curves:
   • Available bit lengths: Select 2048 bits
   • Signature Algorithm: Select Inherit from issuing CA
     
   • Validity: Enter 730d
     
     

   • Section 'Key usage'
     Enable: Use and Critical
     Enable Digital Signature
     Enable Key encipherment
     
     

   • Section 'Extended Key usage'
     Enable Use and select Client Authentication
     
     

   • Section 'Other data'
     Available CAs: Select AuthCA
     
     

6. Click Save to finish.

Create Certificate Profile for End Entities that will use SignCA in Node A

This section describes the creation of the Certificate Profile for the End Entities that will use SignCA

1. Open CA Functions > Certificate Profiles.
2. Enter SignCAEndEntityCertificateProfile in the text field underneath the table.

3. Click Add:
   
   

4. Make the following entries:

   
   

   • Type: Select End Entity
   • Available bit lengths: Select 2048 bits
   • Signature Algorithm: Select Inherit from issuing CA
   • Validity: Enter 730d
     
     Section 'Key Usage'
   • Enable Digital Signature
   • Enable Non-repudiation
     
     Section 'Extended Key Usage'
   • Disable Use
     
     Section 'Other data'

   • Available CAs: Select SignCA
     
     

5. Confirm your entries with Save.
   

Create Certificate Profile for End Entities that will use SSLCA in Node A

This section describes the creation of the certificate profile for the end entities that will use SSLCA. For that purpose you will clone a template.

1. Open CA Functions > Certificate Profiles.
2. Click Clone for SERVER.
3. In the field Name of the new certificate profile enter SSLCAEndEntityCertificateProfile.

4. Click Create from template:
   

5. In Certificate Profiles, click Edit for the newly created profile.

6. Make the following entries:

   • Type: Select End Entity
   • Available bit lengths: Select 2048 bits
   • Signature Algorithm: Select Inherit from issuing CA
     
   • Validity: Enter 730d
   • Key Usage: Enable Digital Signature
   • Extended Usage: Select Server Authentication
     
     Section Other data

   • Available CAs: Select SSLCA
     
     

     
     
     

7. Confirm your entries with Save.