Configure Certificates

The following provides the certificate profile specifications used for setting up the CA certificates of the Product PKI, and lists the configuration of the certificate profiles and the Certificate Management Protocol (CMP) alias.

A certificate profile defines the constraints of the certificate, for example, what keys it can use, and what the extensions will be. For more information on how to use the EJBCA Enterprise Manage Certificate Profiles page to create and edit certificate profiles, see the EJBCA Documentation Managing Certificate Profiles.

PrimeOne Product A Root CA

This Root CA certificate shall be the common root certificate for all Product A issuing CAs.

| Field name | Content | Comment |
|---|---|---|
| Type | Root CA | |
| Serial Number | Integer | Set by the root CA |
| Signature Algorithm | SHA512 with ECDSA | |
| Validity | 15 years | |
| Subject | CN=PrimeOne Product A Root CA, O=PrimeOne, OU=PrimeOne 2020, C=DE | |
| Key Usage | keyCertSign, cRLSign | |
| Subject public key info | ec, secp521r, public key | Set by root CA |
| Authority Key Identifier | Key Identifier of public key | Set by root CA |
| Subject Key Identifier | Key Identifier of public key | Set by root CA |

PrimeOne Product A Issuing CA

This is the certificate of the Product A Issuing CA, which issues the PrimeOne manufacturer certificates for Product A.

| Field name | Content | Comment |
|---|---|---|
| Type | Sub CA | |
| Serial Number | Integer | Set by root CA |
| Signature Algorithm | SHA512 with ECDSA | |
| Validity | [creation date] plus 12 years | |
| Subject | CN=PrimeOne Product A Issuing CA, O=PrimeKey, OU=PrimeOne 2020, C=DE | |
| Key Usage | digitalSignature, keyCertSign, cRLSign | |
| Subject public key info | ec, secp521r, public key | Set by root CA |
| Authority Key Identifier | Key Identifier of public key | Set by root CA |
| Subject Key Identifier | Key Identifier of public key | Set by root CA |

PrimeOne Product A manufacturer Certificates

This is the certificate profile of the individual Product A devices. The manufacturer certificate is used to authenticate the corresponding device. The subject name of the certificate, combined with the public key stored in the subject public key info field, shall uniquely identify the device that holds the private key.

| Field name | Content | Comment |
|---|---|---|
| Type | End Entity | |
| Serial Number | Integer | Set by Product A Issuing CA |
| Signature Algorithm | SHA512 with ECDSA | |
| Issuer | Subject DN of Issuing CA | Set by Product A Issuing CA |
| Validity | [creation date] plus 10 years | |
| Subject | CN=Article Name, serial Number = (printable String), O=PrimeOne, C=DE, unstructuredAddress= MACAddress= [xx-xx-xx-xx-xx-xx] (up to 5 MAC addresses) | Article Name and serial Number as set in the device; they have to be verified with the leading system. The unstructuredAddress field will be set from the device-specific MAC addresses. The order is not defined. |
| Key Usage | digitalSignature, keyAgreement | |
| Subject public key info | ec, secp521r, public key | Set by Product A Issuing CA |
| Authority Key Identifier | Key Identifier of public key | Set by Product A Issuing CA |
| Subject Key Identifier | Key Identifier of public key | Set by Product A Issuing CA |
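The subject constraints of the manufacturer certificate can be enforced on the RA side before a request is forwarded to the CA. The following is an added example, not part of the EJBCA documentation or product: it assumes the request subject is already parsed into (attribute, value) pairs, that each MAC address arrives as its own unstructuredAddress value (with or without a "MACAddress=" prefix), and that the leading system is available as a simple lookup; INVENTORY, REQUEST and check_subject are hypothetical names.

```python
import re

# PrintableString alphabet: letters, digits, space and ' ( ) + , - . / : = ?
PRINTABLE = re.compile(r"[A-Za-z0-9 '()+,\-./:=?]+")
MAC = re.compile(r"(?:MACAddress=)?([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")
FIXED = {"O": "PrimeOne", "C": "DE"}   # constant in the manufacturer profile
REQUIRED = ("CN", "serialNumber", "O", "C")
MAX_MACS = 5

# Constructed sample data: a hypothetical "leading system" export and one request.
INVENTORY = {"SN-000123": {"article": "Product A",
                           "macs": ["00-11-22-33-44-55", "00-11-22-33-44-56"]}}
REQUEST = [("CN", "Product A"), ("serialNumber", "SN-000123"),
           ("O", "PrimeOne"), ("C", "DE"),
           ("unstructuredAddress", "00-11-22-33-44-56"),
           ("unstructuredAddress", "00-11-22-33-44-55")]

def check_subject(rdns, inventory):
    """Return the list of profile violations for a parsed request subject."""
    errors, single, macs = [], {}, []
    for attr, value in rdns:
        if attr == "unstructuredAddress":
            m = MAC.fullmatch(value)
            if m:
                macs.append(m.group(1).lower())
            else:
                errors.append(f"malformed MAC value: {value!r}")
        elif attr not in REQUIRED:
            errors.append(f"attribute not in profile: {attr}")
        elif attr in single:
            errors.append(f"duplicate attribute: {attr}")
        else:
            single[attr] = value
    errors += [f"missing attribute: {a}" for a in REQUIRED if a not in single]
    errors += [f"{a} must be {v}" for a, v in FIXED.items() if single.get(a, v) != v]
    serial = single.get("serialNumber", "")
    if serial and not PRINTABLE.fullmatch(serial):
        errors.append("serialNumber is not a PrintableString")
    if len(macs) > MAX_MACS:
        errors.append(f"more than {MAX_MACS} MAC addresses")
    if len(set(macs)) != len(macs):
        errors.append("repeated MAC address")
    record = inventory.get(serial)
    if record is None:
        errors.append("serialNumber unknown to the leading system")
    elif single.get("CN") != record["article"]:
        errors.append("CN does not match the article name on record")
    elif set(macs) != {m.lower() for m in record["macs"]}:  # order is not defined
        errors.append("MAC addresses do not match the record")
    return errors
```

An empty list means the subject conforms to the profile and matches the record; a non-empty list should cause the RA to reject the request before it reaches the Issuing CA.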

CMP Alias

| Field name | Content |
|---|---|
| Name | PrimeProductCert_CMP |
| CMP Operational Mode | RA Mode |
| CMP Authentication Module | CA Shared Secret |
| EndEntityCert Issuing CA | PrimeOne Product A Issuing CA |
| RA Verify Proof-of-Possession | Allow |
| RA Name Generation Scheme | DN; CN |
| RA End Entity Profile | PrimeOneProductACertificate_EE |
| RA Certificate Profile | PrimeOneProductACertificates |
| RA CA Name | PrimeOne Product A Issuing CA |
| Certificate renewal with same key | Allow |