Step 9: Create End Entity Profiles for SubCAs

End entity profiles define which parts of the user DN will be registered for various types of end entities. It defines, for example, the preset part and the part that can be altered. It also contains other information for issuing certificates, that is specific to each individual end entity. For each SubCA you will configure a different end entity profile.

The following sections describe the actions you have to perform.

Create End Entity Profile for AuthCA

This section describes the creation of the end entity profile for the end entities that will use AuthCA.

  1. Open RA Functions > End Entity Profiles.
  2. In the field Add Profile enter AuthCAEndEntityProfile .
  3. Click Add.
  4. In the list List of End Entity Profiles select AuthCAEndEntityProfile.
  5. Click Edit End Entity Profile:

    Create End Entity Profile for AuthCA


  6. In the Edit form make the following entries:

    • Subject DN Attributes: Enter the appropriate value and click Add
    • CN, Common name: Enable Modifiable
    • O, Organization: Enable Required and enter EJBCA Course
    • C, Country (ISO 3166): Enable Required and enter SE

      Section Main Certificate Data
    • Default Certificate Profile: Select AuthCAEndEntityCertificateProfile
    • Available Certificate Profile: Select AuthCAEndEntityCertificateProfile
    • Default CA: Select AuthCA
    • Available CA: Select AuthCA
    • Default Token: Select User generated
    • Available Tokens: Select User generated and P12 file

    Subject DN Attributes for AuthCA End Entity Profile
  7. Click Save:

Create End Entity Profile for SignCA

This section involves the creation of the End Entity Profile for the End Entities that will use SignCA.

  1. Click on End Entity Profiles under RA Functions.
  2. Write SignCAEndEntityProfile in Add Profile text field.
  3. Click Add .
  4. Highlight SignCAEndEntityProfile from List of End Entity Profiles.
  5. Click Edit End Entity Profile:

    Create End Entity Profile for SignCA
  6. In the Edit form make the following entries:

    • Subject DN Attributes: Enter the appropriate value and click Add
    • CN, Common name: Enable Modifiable
    • O, Organization: Enable Required and enter EJBCA Course
    • C, Country (ISO 3166): Enable Required and enter SE

      Section Main Certificate Data
    • Default Certificate Profile: Select SignCAEndEntityCertificateProfile
    • Available Certificate Profile: Select SignCAEndEntityCertificateProfile
    • Default CA: Select SignCA
    • Available CA: Select SignCA
    • Default Token: Select User generated
    • Available Tokens: Select User generated

    Subject DN Attributes for SignCA End Entity Profile

    Remember that we have used Non-repudiation in its certificate profile. That ensures that users only are responsible for the creation and storage of their public key in a smart card. Compare section Create Certificate Profile for End Entities that will use SignCA.

  7. Click Save

Create End Entity Profile for SSLCA

This section describes the creation of the end entity profile for the end entities that will use SSLCA.

  1. Open RA Functions > End Entity Profiles.
  2. In the Add Profile field enter SSLCAEndEntityProfile.
  3. Select SslServerProfile and click Use selected as template.
  4. Select SSLCAEndEntityProfile from the list List of End Entity Profiles and click Edit End Entity Profile:

    Clone End Entity Profile for SSLCA
  5. In the Edit form, make the following entries:

    • Subject DN Attributes: Enter the appropriate value and click Add
    • CN, Common name: Enable Modifiable
    • O, Organization: Enable Required and enter EJBCA Course
    • C, Country (ISO 3166): Enable Required and enter SE

      Section Main Certificate Data
    • Default Certificate Profile: Select SSLCAEndEntityCertificateProfile
    • Available Certificate Profile: Select SSLCAEndEntityCertificateProfile
    • Default CA: Select SSLCA
    • Available CA: Select SSLCA
    • Default Token: Select User generated
    • Available Tokens: Select P12 file, User Generated, JKS file, and PEM file

    Subject DN Attributes for SSLCA End Entity Profile


  6. Click Save