The following covers information on the Certificate Profiles configured in EJBCA Enterprise at the Trust Service.

To base the implementation on a deployment environment as real as possible, the examples in this guide use a fictitious company called PrimeOne. PrimeOne is a multinational business with headquarters in Stockholm Sweden. It is a conglomerate manufacturing, sales, and support organization with a wide range of products for different kinds of market segments.

Planned Infrastructure

As part of the product strategy, all PrimeOne products should be equipped with a unique digital identity. This identity should be created as part of the manufacturing process. Thus, it is necessary to provide an infrastructure that enables product certificates to be requested during production by the manufacturing sites of PrimeOne and also from suppliers. For this purpose, a central security Trust Service is set up within Amazon Web Services (AWS), providing a certificate issuing service as well as optional services such as signature generation or time-stamping services. 

The goal of the planned PrimeOne Infrastructure is to inject birth certificates in each PrimeOne product, which is produced by PrimeOne factories or suppliers. The certificates are to be requested directly within the manufacturing process and generated online by a central trust service. 

Next Step - Develop Sequence Diagram

Next, find information on how to define the implementation of the certificate issuance process, by developing a refined process in a Develop Sequence Diagram.