Follow the steps below to create an end entity profile suitable for SSL/TLS servers, such as web servers.
You should previously have created the certificate profile for SSL servers according to Create a Certificate Profile for SSL Servers.
- Under RA Functions, click Edit End Entity Profiles.
- Enter a name for your end entity profile, for example "SSLServerEndEntityProfile", and click Add.
- Select SSLServerEndEntityProfile and click Edit End Entity Profile.
- Under Subject DN Fields select O, Organization and click Add.
- At O, Organization enter EJBCA Edu, select required and clear the modifiable option.
- Under Subject DN Fields, select C, Country and click Add.
- At C, Country enter SE, select required and clear the modifiable option.
- Under Subject Alternative Fields, select DNS Name and click Add.
- Clear Use at Email Domain.
- Under Default Certificate Profile, select SSLServerCertificateProfile (created earlier).
- Under Available Certificate Profiles, select SSLServerEndEntityCertificateProfile.
- Under Default CA, select ManagementCA (the CA you use to issue server certificates).
- Under Available CAs, select ManagementCA (same as above).
- Under Default Token, select User Generated.
- Under Available Tokens, select User Generated, P12, JKS and PEM (Ctrl-click to select multiple).
- Click Save.