Create User Certificate Profile

Post login, click on the Manage Profiles->Certificate Profile sub-menu on the dashboard page, as shown below.

On the Manage Certificate Profile page, clicking the ‘+ New Profile’ button displays the page below.

In the Create/Edit/Clone profile page:

Select ‘User’ radio button

Enter the Profile name

Enter the validity in terms of Days, Hours, Minutes, and Seconds. The certificate created using this profile will have the selected validity.

Choose the created Sub CA certificate as the Issuing CA from the dropdown

Choose the relevant Signature algorithm from the dropdown

Check ‘Is KRS Enabled’, to enable key recovery of the user certificate created using this profile

Check ‘Is CT Logs Enabled’, to enable CT logs of user certificate created using this profile

Check ‘Is Manual Authorization Enabled’, to enable Manual Authorization of the user certificate created using this profile

Check ‘Support Customize Validity’, to enable Support Customize Validity of the user certificate created using this profile

Check ‘Is Link Check Enabled’ to enable link check of the user certificate created using this profile

Subject DN:

Subject DN attributes (Common Name, Country, Email, Organization, etc.) can be added by selecting the checkbox of the respective attribute. Once an attribute is selected, use the dropdown menu to select the relevant string type from the options: Printable String, BitString, IA5String, BMPString, and UTF8String.

The option to make an attribute Mandatory (or) Optional is also provided

In addition to these options, the order of attributes can also be rearranged using the option next to Mandatory/optional

Optional: The option to customize OID is also offered. To add a custom Subject DN, click on the ‘+ Subject OID’ option

Enter a valid OID and select the corresponding values to include this OID in the Certificate creation process.

X.509 Certificate Extensions:

The following is the list of extensions available for selection as part of the ‘X.509 Certificate Extensions’ section. To select a specific extension, select the ‘Use’ checkbox attached to the respective extension. In addition, for selected extensions, an option to mark a specific section as ‘Critical’ is also provided.

By default, Basic Constraint is ‘End Entity’

Choose the Key Usage from the dropdown. By default Key Agreement, Key Certificate, and CRL Sign will be selected

The Enhanced Key Usage extension (optional) indicates one or more purposes for which the certified public key may be used, in addition to the basic purposes indicated in the key usage. Select the Enhanced Key usage from the drop-down

The Authority key identifier extension (optional) provides a means of identifying the public key corresponding to the private key used to sign a certificate

The Issuer alternate name extension (optional) allows additional identities to be associated with the issuer of CRL

The Subject Key Identifier extension (mandatory) indicates how to access information and services for the subject of the certificate in which the extension appears

The Authority Information Access extension (optional) indicates how to access CA information and services for the issuer of the certificate in which the extension appears.

The subject alternative names extension (optional) allows additional identities to be bound to the subject of the certificate. It may include an email address, a DNS name, an IP address, and a uniform resource identifier (URI)

The CRL distribution points extension (optional) identifies how CRL information is obtained

The Certificate policy extension (mandatory) states the different entities of public key infrastructure (PKI), their roles, and their duties. Clicking on the (+) button will display a text box to enter the Certificate policy (Optional)

The Freshest URL extension (optional) identifies the CRL to which a certificate user should refer to obtain the freshest revocation information

The Subject information access extension (optional) indicates how to access information and services for the subject of the certificate in which the extension appears.

The Subject Directory Attributes extension (optional) is used to convey identification attributes of the subject
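The defaults described above combine an ‘End Entity’ Basic Constraint with certificate-signing and CRL-signing key usages, and RFC 5280 section 4.2.1.9 does not allow keyCertSign when the cA flag is not asserted. The following added example (not part of the product or of the original page) decodes the DER values of the two extensions and reports that mismatch; it assumes the ‘Key Certificate’ option maps to the keyCertSign bit, and the function names and sample bytes are constructed for illustration.

```python
# Added example (not product code): decode DER KeyUsage and BasicConstraints
# extension values and check them against RFC 5280 section 4.2.1.9.
# Assumption: the UI option 'Key Certificate' corresponds to keyCertSign.
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]

# Constructed sample values (extension contents only, not full certificates).
DEFAULT_PROFILE_KU = bytes.fromhex("0302010e")  # keyAgreement, keyCertSign, cRLSign
USER_PROFILE_KU = bytes.fromhex("030205a0")     # digitalSignature, keyEncipherment
END_ENTITY_BC = bytes.fromhex("3000")           # cA omitted, so FALSE
CA_BC = bytes.fromhex("30030101ff")             # cA TRUE

def read_tlv(der, tag):
    """Return the content of a single short-form DER TLV with the given tag."""
    if len(der) < 2 or der[0] != tag:
        raise ValueError("unexpected tag")
    if der[1] & 0x80 or len(der) != 2 + der[1]:
        raise ValueError("unsupported or inconsistent length")
    return der[2:]

def decode_key_usage(der):
    """Decode a KeyUsage BIT STRING into the list of asserted bit names."""
    body = read_tlv(der, 0x03)
    if not body or body[0] > 7:
        raise ValueError("bad unused-bits octet")
    data = body[1:]
    total_bits = len(data) * 8 - body[0]
    # Bit 0 is the most significant bit of the first content octet.
    return [name for i, name in enumerate(KEY_USAGE_BITS)
            if i < total_bits and data[i // 8] & (0x80 >> (i % 8))]

def is_ca(der):
    """Return the cA flag of a BasicConstraints SEQUENCE (DEFAULT FALSE)."""
    body = read_tlv(der, 0x30)
    if len(body) >= 3 and body[0] == 0x01 and body[1] == 1:
        return body[2] != 0
    return False

def lint_end_entity(key_usage_der, basic_constraints_der):
    """Return (asserted usages, findings) for one certificate's extensions."""
    usages = decode_key_usage(key_usage_der)
    findings = []
    if not is_ca(basic_constraints_der):
        if "keyCertSign" in usages:
            findings.append("keyCertSign asserted but cA is false (RFC 5280 4.2.1.9)")
        if "cRLSign" in usages:
            findings.append("cRLSign on an end-entity certificate: confirm it is a CRL issuer")
    return usages, findings
```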

Once all the required details are selected, clicking on “Proceed” will display the following page.

In the above figure, the Admin should enter their Username and token PIN and click on the ‘Authenticate’ button. The admin credentials will be validated

Clicking on the ‘Edit’ button will redirect the Admin to the Enter Profile Details page with filled details where Admin can modify the entered data.

Once the validation is done, clicking on ‘Confirm’ will redirect to the next page, as shown in the figure below.

Clicking on ‘View all’ will redirect the Administrator to the ‘Certificate Profiles’ page.

Clicking on ‘+ New’ will redirect the Administrator to the Enter Profile Details page of certificate Profile creation where the admin should be able to create a new certificate profile.

The created certificate profile will be updated on the ‘Certificate Profiles’ page.
