End Entities Overview

This Overview covers the concepts of End Entities in the following sections. For more information about how to manage End Entities, see End Entities Operations.

An end entity is the basic holder and owner of a certificate, whether this is an actual person, a device, a subCA or a component like an OCSP responder. An end entity is always owned by a Certificate Authority, and the certificates issued to it are defined by a single Certificate Profile. So that administrators can limit the enrollment options for users (predefining, forbidding or requiring certain fields), each end entity also conforms to an End Entity Profile. Multiple end entities can share the same End Entity Profile, so a profile can be set to be available for multiple CAs and multiple certificate profiles.

The End Entity Profile Fields are described on their own page. Besides the constraints mentioned previously, field values can also be restricted via regular expressions. In some use cases the CA should produce the key pair on the user's behalf (instead of just signing a CSR); in those cases, the key pair can be saved (encrypted in PKCS#12) in the database, allowing later key recovery.
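The profile constraints described above (required, forbidden and predefined fields, regular-expression restrictions, and the CAs and certificate profiles a profile is available for) can be modelled as a small validator. This is an added example, not EJBCA code: the class names, the `TLS_SERVER` profile, the CA and profile names are constructed, and treating a predefined value as fixed and regexes as whole-value matches are assumptions of this model.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class FieldRule:                      # hypothetical model, not EJBCA's classes
    required: bool = False            # value must be supplied at enrollment
    forbidden: bool = False           # value must not be supplied
    predefined: Optional[str] = None  # assumed here to be fixed by the profile
    pattern: Optional[str] = None     # regex the whole value must match

@dataclass
class EndEntityProfile:
    cas: frozenset            # CAs the profile is available for
    cert_profiles: frozenset  # certificate profiles it may be combined with
    fields: dict              # field name -> FieldRule

def violations(profile, ca, cert_profile, subject):
    """Return the reasons a request does not conform (empty list = conforms)."""
    out = []
    if ca not in profile.cas:
        out.append("CA not available in this profile")
    if cert_profile not in profile.cert_profiles:
        out.append("certificate profile not available in this profile")
    for name, rule in profile.fields.items():
        value = subject.get(name)
        if value is None:
            if rule.required and rule.predefined is None:
                out.append(f"{name}: required")
        elif rule.forbidden:
            out.append(f"{name}: forbidden")
        elif rule.predefined is not None and value != rule.predefined:
            out.append(f"{name}: differs from predefined value")
        elif rule.pattern and not re.fullmatch(rule.pattern, value):
            # fullmatch, not search: an unanchored match would accept suffixes
            out.append(f"{name}: fails regex")
    extra = sorted(subject.keys() - profile.fields.keys())
    return out + [f"{n}: not defined in profile" for n in extra]

# Constructed sample profile; all names are placeholders.
TLS_SERVER = EndEntityProfile(
    cas=frozenset({"ExampleIssuingCA"}),
    cert_profiles=frozenset({"SERVER"}),
    fields={"CN": FieldRule(required=True, pattern=r"[a-z0-9-]+\.example\.com"),
            "O": FieldRule(predefined="Example Corp"),
            "emailAddress": FieldRule(forbidden=True)})

if __name__ == "__main__":
    for cn in ("www.example.com", "www.example.com.other.test"):
        print(cn, violations(TLS_SERVER, "ExampleIssuingCA", "SERVER", {"CN": cn}))
```

The second sample name contains an allowed name as a prefix and is rejected only because the pattern is applied to the whole value; when writing profile regexes, confirm how the product anchors them.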