How emCA Works ?

This section outlines steps that can be followed in general for setting up of a Certifying Authority whether it is self-signed or signed by external root CA in emCA application for issuance of digital certificates to users and devices. This includes:

Creation of users: The CA Administrator has to create an Administrator and then the Administrator has to create other users such as Officers, and Auditors. This is done by CA Administrator who is the Root administrator.

Create Key Profile: The administrator has to create the key profile using the profile management option available in the emCA Application. This is required for defining where the key pair has to be stored. For user certificates, the key profile has to be created for tokens, and for CA Certificates, the key profile can be created for HSM (Hardware Security Module). The same key profile is used during certificate profile creation. This activity is done by the user with the Administrator role.

Create CA Certificate Profile: Here initially certificate profile has to be created for CA Certificate. This activity is done by the user with the Administrator.

Generation of CA Certificate: Once the certificate profile for a CA is generated, the CA Certificate is generated based on the profile. This can be self-signed or signed by an external Root CA. Based on the key profile mapped to the Certificate profile, the CA’s key pair is either stored on the HSM or any other device. This activity is done by the user with the Officer role.

Generation of Sub CA/ Issuing CA (OPTIONAL): This is an optional activity. Based on the requirement, the Officer can generate a sub-CA or issuing CA signed with either Root CA. This activity is done by the user with Officer role.

Configure CRL: Once the CA and Sub/Issuing CAs are generated, the Officer has to configure CRL for each of the CA or Sub CA or Issuing CA. This activity is done by the user with Officer role.

Create User Certificate Profile: Once the CA certificate is successfully generated and stored then later User certificate profiles can be created based on the requirement such as a signing certificate profile, encryption certificate profile, SSL certificate profile, Code signing certificate profile, Document signer certificate profile etc. This activity is done by the user with the Administrator role.