Create OCSP Certificate Profile

After logging in, on the dashboard page, click the Manage Profiles -> Certificate Profile sub-menu, as shown in the figure below.

On the Manage Certificate Profile page, clicking the ‘New Profile’ button displays the page shown below.

On the above page:

Select the OCSP radio button

Enter the Profile name

Enter the validity as a number of days, hours, minutes and seconds.

Select the CA from the issuing CA dropdown.

Select the relevant signature algorithm

Subject DN:

Subject DN attributes (Common name, Country, Email, Organization etc.) can be added by selecting the checkbox of the respective attribute. Once the attribute is selected, use the dropdown menu to select the relevant string type from the options: Printable String, BitString, IA5String, BMPString, UTF8String.

The option to make an attribute Mandatory (or) Optional is also provided

In addition to these options, the order of attributes can also be rearranged using the option next to Mandatory/optional

Optional: The option to customize OID is also offered. To add a custom Subject DN, click on the ‘+ Subject OID’ option

Enter a valid OID and select the corresponding values to include this OID in the Certificate creation process

X.509 Certificate Extensions:

The following is the list of extensions available for selection as part of the ‘X.509 Certificate Extensions’ section. To select a specific extension, select the ‘Use’ checkbox attached to the respective extension. For selected extensions, an option to mark a specific section as ‘Critical’ is also provided.

Choose the Key Usage from the dropdown. By default, Key Agreement, Key Certificate, and CRL Sign will be selected.

The Enhanced Key Usage extension (optional) indicates one or more purposes for which the certified public key may be used, in addition to the basic purposes indicated in the key usage. Select the Enhanced Key Usage from the dropdown.

The Authority key identifier extension (optional) provides a means of identifying the public key corresponding to the private key used to sign a certificate

The Issuer alternate name extension (optional) allows additional identities to be associated with the issuer of CRL

The Subject Key Identifier extension (mandatory) indicates how to access information and services for the subject of the certificate in which the extension appears

The Authority Information Access extension (optional) indicates how to access CA information and services for the issuer of the certificate in which the extension appears.

The subject alternative names extension (optional) allows additional identities to be bound to the subject of the certificate. It may include an email address, a DNS name, an IP address, and a uniform resource identifier (URI)

The CRL distribution points extension (optional) identifies how CRL information is obtained

The Certificate policy extension (mandatory) states the different entities of public key infrastructure (PKI), their roles, and their duties. Clicking on the (+) button will display a text box to enter the Certificate policy (Optional)

The Freshest URL extension (optional) identifies the CRL to which a certificate user should refer to obtain the freshest revocation information

The Subject information access extension (optional) indicates how to access information and services for the subject of the certificate in which the extension appears.

The Subject Directory Attributes extension (optional) is used to convey identification attributes of the subject

The OCSP No Revocation Checking extension (optional) aims to state the different entities of a Public Key Infrastructure (PKI), their roles and their duties

Once all the required details are selected, clicking on “Proceed” will display the following page.

In the above figure, the Admin should enter their Username and token PIN and click on the ‘Authenticate’ button. The admin credentials will be validated.

Clicking on the ‘Edit’ button will redirect the Admin to the first step with filled details where the Admin can modify the entered data

Once the validation is done, clicking on ‘Confirm’ will redirect to the next page, as shown in the figure below.

Clicking on ‘View all’ will redirect the Administrator to the ‘Certificate Profiles’ page.

Clicking on ‘+ New’ will redirect the Administrator to the Enter Profile Details page of certificate profile creation, where the Admin can create a new certificate profile.

The created certificate profile will be updated on the ‘Certificate Profiles’ page.
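Once a certificate has been issued from the profile, the extension choices made above can be checked mechanically. The following is an added example, not part of the product or its documentation: it reads the extensions of a DER-encoded certificate and reports what is missing. The mandatory set follows this page, the id-kp-OCSPSigning and NULL-value checks follow RFC 6960, and `SAMPLE` is a constructed skeleton certificate, not real output.

```python
# Added example (not vendor code): audit DER certificate extensions for an OCSP profile.
NAMES = {"551d0e": "subjectKeyIdentifier", "551d20": "certificatePolicies",
         "551d25": "extKeyUsage", "2b0601050507300105": "ocspNoCheck"}  # OID content octets
MANDATORY = ("subjectKeyIdentifier", "certificatePolicies")  # marked mandatory on this page
OCSP_SIGNING = bytes.fromhex("2b06010505070309")  # id-kp-OCSPSigning (RFC 6960)

# Constructed sample: skeleton Certificate -> tbsCertificate -> [3] extensions only.
SAMPLE = bytes.fromhex(
    "304e304ca34a3048"
    "30130603551d25040c300a06082b06010505070309"  # extKeyUsage = OCSPSigning
    "30110603551d20040a300830060604551d2000"      # certificatePolicies = anyPolicy
    "300f06092b060105050730010504020500"          # ocspNoCheck = NULL
    "300d0603551d0e0406040401020304")             # subjectKeyIdentifier

def tlvs(buf):
    """Yield (tag, value) for each definite-length DER element in buf."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the count of length octets
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + n]
        i += n

def extensions(cert_der):
    """Map extension name (or hex OID) -> (critical, extnValue bytes)."""
    tbs = next(tlvs(next(tlvs(cert_der))[1]))[1]  # Certificate -> tbsCertificate
    out = {}
    for tag, val in tlvs(tbs):
        if tag == 0xA3:  # [3] EXPLICIT Extensions
            for _, ext in tlvs(next(tlvs(val))[1]):
                f = list(tlvs(ext))  # extnID, optional critical BOOLEAN, extnValue
                key = f[0][1].hex()
                out[NAMES.get(key, key)] = (len(f) == 3 and f[1][1] == b"\xff", f[-1][1])
    return out

def audit(cert_der):
    """Return findings; an empty list means every check passed."""
    ext = extensions(cert_der)
    findings = [f"missing {name}" for name in MANDATORY if name not in ext]
    eku = ext.get("extKeyUsage")
    purposes = [v for _, v in tlvs(next(tlvs(eku[1]))[1])] if eku else []
    if OCSP_SIGNING not in purposes:
        findings.append("extKeyUsage lacks id-kp-OCSPSigning")
    if "ocspNoCheck" in ext and ext["ocspNoCheck"][1] != b"\x05\x00":
        findings.append("ocspNoCheck value is not NULL")
    return findings
```

`audit` expects DER bytes; a PEM certificate can be converted first with `ssl.PEM_cert_to_DER_cert` from the standard library.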
