Create CA Self Signed Certificate

To create a CA Self-Signed Certificate profile, click on Manage Profiles -> Certificate Profile on the home page. The following screen will be displayed.

In the above screen, click on the ‘New Profile’ button. The below page to create a new profile will be displayed.

In the above create a certificate profile page:

By default, the “CA” radio button will be selected

Enter the Profile name

Enter validity in no. of days, Hours, minutes, and seconds.

Choose Issuing CA as self-signed from the dropdown

Select the relevant signature algorithm

Selecting the ‘Is Link check Enabled’ checkbox will allow the user to create a Certificate only if the pre-defined Certificate standards are met.

Subject DN (Common name, Country, Email, organization, etc.) attributes can be added by selecting the checkbox of the respective attribute. Once the attribute is selected, use the dropdown menu to define the relevant string from the options: Printable String, BitString, IA5String, BMPString, and UTF8String.

The option to make an attribute Mandatory (or) Optional is also provided

In addition to these options, the order of attributes can also be rearranged using the option next to Mandatory/optional

Optional: The option to customize OID is also offered. To add a custom Subject DN, click on the ‘+ Subject OID’ option

Enter a valid OID and select the corresponding values to include this OID in the Certificate creation process

The following is the list of extensions available for selection as part of the ‘X.509 Certificate Extensions’ section. To select a specific extension, select the ‘Use’ checkbox attached to the respective extension. In addition it, for selected extensions, an option to mark a specific section as ‘Critical’ is also provided.

Basic Constraint (mandatory) - By default Basic Constraint “None” is selected, and the Administrator can select from 0 to 6 to maintain that many number of sub CA’s or maintain certificate hierarchy. This option will be enabled only for ‘CA Admin’.

Key Usage (mandatory) - Choose the key Usage from dropdown. At least one key should be selected

The authority key identifier extension (optional) provides a means of identifying the public key corresponding to the private key used to sign a certificate

The Issuer alternate name extension (optional) allows additional identities to be associated with the issuer of CRL

The Subject Key Identifier extension (mandatory) indicates how to access information and services for the subject of the certificate in which the extension appears

Authority Information Access extension (optional) indicates how to access CA information and services for the issuer of the certificate in which the extension appears.

The subject alternative names extension (optional) allows additional identities to be bound to the certificate's subject. It may include an email address, a DNS name, an IP address, and a uniform resource identifier (URI)

The CRL distribution points extension (optional) identifies how CRL information is obtained

The Certificate policy extension (mandatory) states the different entities of public key infrastructure (PKI), their roles, and their duties. Clicking on the (+) button will display a text box to enter the Certificate policy. (Optional)

The Policy mapping extension (optional) lists one (or) more pairs of OIDs; each pair includes an ‘issuerDomainPolicy’ and a ‘subjectDomainPolicy’. The pairing indicates the issuing CA considers its ‘issuerDomainPolicy’ equivalent to the subject CA’s ‘subjectDomainPolicy’

The Policy Constraints extension (optional) can be used to prohibit policy mapping (or) require that each certificate in a path contain an acceptable policy identifier

The Inhibit any policy extension (optional) indicates that the special ‘anyPolicy’ OID with the value is not considered an explicit match for other certificate policies

The Freshest URL extension (optional) identifies the CRL to which a certificate user should refer to obtain the freshest revocation information

The Subject information access extension (optional) indicates how to access information and services for the subject of the certificate in which the extension appears.

The Subject Directory Attributes extension (optional) is used to convey identification attributes of the subject

Once all the required details are selected, clicking “Proceed” will display the following page.

In Fig 61, the Admin should enter their Username and token PIN and click on the ‘Authenticate’ button. The admin credentials will be validated

Clicking on the ‘Edit’ button will redirect the Admin to the first step with filled details where Admin can modify the entered data

Once the validation is done, clicking on “Confirm” will redirect to the next page as shown in below figure.

Clicking on ‘View all’ will redirect the Administrator to the ‘Certificate Profiles’ page.

Clicking on ‘+ New’ will redirect the Administrator to the Enter Profile Details page of certificate Profile creation where admin should be able to create a new certificate profile.

The created certificate profile will be updated on the ‘Certificate Profiles’ page.

Last updated