Create a Certificate Profile for SSL Servers

The following describes how to create Certificate Profiles for server certificates.

You can create a new Certificate Profile by adding a new profile or clone an existing profile to use that as template.

Create Certificate Profile for Server Certificates

To create a certificate profile suitable for SSL/TLS servers, such as web servers, do the following:

  1. Click Certificate Profiles under CA Functions to open the Manage Certificate Profiles page.
  2. Specify a name for the certificate profile, for example SSLServerCertificateProfile, and click Add.
  3. Find your new SSLServerCertificateProfile in the List of Certificate Profiles, and click Edit.

  4. Edit the settings according to the following:
    • In Type, select End Entity.
    • In Available bit lengths, select 1024 bit, 2048 bit and 4096 bit.
    • In the Validity field, enter 365d to specify the validity of the certificate to 1 year.
    • Scroll down to Permissions, and ensure that the Allow Key Usage Override option is cleared.
    • Scroll down to Key Usage and select Digital Signature and Key encipherment.
    • Select Use Extended Key Usage.
    • Enable Extended Key Usage and select Server Authentication.
    • Scroll down to Other Data and in the Available CAs list, select your CA ManagementCA, thus the CA you use to issue server certificates.
  5. Click Save to store the settings and view the new certificate profile in the list.

Create Certificate Profile for Server Certificates from Template

You can create a new Certificate Profile by cloning a default template or any other existing Certificate Profile. The Manage Certificate Profiles page (CA Functions > Certificate Profiles) displays all available profiles and lists the default profiles at the top of the List of Certificate Profiles list, followed by any existing Certificate Profiles created.

To create a new Certificate Profile using an existing profile as template, do the following:

  1. Click Certificate Profiles under CA Functions to open the Manage Certificate Profiles page.
  2. Find the Certificate Profile to use as template, for example the default SERVER template, and click Clone.
  3. In the Clone screen that appears, specify a name for your new Certificate Profile, for example SSLServerCertificateProfile, and click Create from template.

  4. Find your new SSLServerCertificateProfile in the List of Certificate Profiles, and click Edit to make any changes.