How to Issue Device Certificates

This how-to guide walks you through issuing device certificates at the time of production and how to design a birth certificate issuing process using the Identity Authority Manager (IdAM).

For demonstration purposes and to provide real examples, a fictional company named PrimeOne is used. Based on PrimeOne, the development of a certificate issuing process for device is demonstrated.

The guide walks you through issuing device certificates at the time of production in the following steps:

  • Trust Service Definition and Certificate Profiles - Explains the configured Certificate Profiles within the EJBCA at the Trust Service at PrimeOne.
  • Develop Issuing Process - Describes how to develop the Certificate Issuing Process and the necessary Interface Specification needed for the implementation.
    IdAM Installation.
  • IdAM Installation - Information on how the Identity Authority Manager (IdAM) is installed and put into operation.
  • Configure IdAM - How to configure IdAM in order to model the necessary issuing workflows.
  • Implement Process Workflow - Step-by-step instructions for implementing the process workflow by creating and defining rule chains.

You will get a detailed overview of how to design a certificate issuing process to enable certificates to be requested and inserted within a production process and get an understanding of using pre-configured CA profiles within the IdAM to model the process flow.

PrimeKey EJBCA Hardware Appliance is used as Trust Service in combination with the Identity Authority Manager (IdAM) to show how to implement the device certificate creation process from the conception phase, specification phase, to the implementation.

The provided specifications and rule-sets Sequence DiagramInterface Specification, and Profiles of Manufacturer Certificates for PrimeOne Products are to be used as examples when using this guide and are only for demonstration purposes.

This guide assumes that the trust service is up and running and that it is configured with all the certificates profiles and interfaces required for this project.