The following sections describe how to create certificate profiles for user and workstation.
Certificate Profiles are managed on the Manage Certificate Profiles page, opened by selecting Certificate Profiles under CA Functions.
Create User Certificate Profile
To create a User Certificate Profile, do the following:
- Under CA Functions, click Certificate Profiles.
- Add a new profile with the name Corporate User Certificate Profile.
- Click Edit on the newly created Corporate User Certificate Profile and specify the following:
- Available key algorithms: Select desired key algorithm, for example, RSA.
- Available bit lengths: Select desired bit lengths, for example, 2048-4096.
- Validity or end date of the certificate: Specify 3 years or desired.
- Extended Key Usages: Since creating a user profile, select the desired Extended Key Usages to allow these certificates to be used for. Recommended values are:
- Client Authentication
- Email Protection
- MS Smart Card Logon
- LDAP DN order: Clear Use.
- Available CAs: Select Corporate Issuing CA – G1.
- Click Save to save the User Certificate Profile.
Create Workstation Profile
To create a Workstation Certificate Profile, do the following:
- Click Back to Certificate Profiles (or under CA Functions, click Certificate Profiles).
- Add a new profile with the name Corporate Workstation Certificate Profile.
- Click Edit on the newly created Corporate Workstation Certificate Profile and specify the following:
- Available key algorithms: Select desired key algorithm, for example, RSA.
- Available bit lengths: Select desired bit lengths, for example, 2048, 3072 and 4096.
- Validity or end date of the certificate: Specify 3 years or desired.
- Extended Key Usages: Since creating a workstation/server profile, select the desired Extended Key Usages to allow these certificates to be used for: Recommended values are:
- MS Encrypted File System (EFS)
- Server Authentication
- LDAP DN order: Clear Use.
- Available CAs: Select Corporate Issuing CA – G1.
- Click Save to save the Workstation Certificate Profile.