Create CA Self Signed Certificate Profile
Last updated
Last updated
Once you log in, go to the dashboard page and click on Manage Profiles. From there, select the Certificate Profile sub-menu as shown in the figure below. You will be directed to the Manage Certificate Profile page.
In the Manage Certificate Profile page, click "New Profile". The following page will show a figure.
"In the page depicted in the figure above:"
The "Root" radio button will be selected by default.
Please provide the name for the profile.
Specify the validity of the certificate in days, hours, minutes, and seconds using this profile.
Please select "Issuing CA as self-signed" from the dropdown menu.
To add Subject DN attributes such as Country and organization, simply select the checkbox located next to the attribute and choose one of the available options from the dropdown menu (Printable String, BitString, IA5String, BMPString, or UTF8String). You can also arrange the sequence of the attributes that you want to appear in the certificate by using drag and drop. In addition, you can choose to mark the attributes as either mandatory or optional.
Click on the + button to customize the OID. Enter a valid OID and corresponding value. For example, during certificate creation, you can add the surname value "Patel" which corresponds to OID "2.5.4.4".
Customizing the OID will allow users to add additional Distinguished Names by entering OID and value for the Subject DN.
By default, the Basic Constraint is set to "None". Administrators can choose to maintain up to 6 sub CAs or a certificate hierarchy.
Choose at least one key usage from the dropdown menu.
Choose the purpose(s) for which the certified public key may be used from the dropdown list of Enhanced Key Usage (Optional). Enhanced Key Usage indicates additional purposes to the basic ones specified in key usage.
The Authority Key Identifier extension allows for the identification of the public key associated with the private key used to sign a certificate. This extension is optional.
The subject information access extension provides information on how to access services and information related to the subject of the certificate in which the extension is present. On the other hand, the access extension provides information on how to access CA services and information for the issuer of the certificate in which the extension is present. The extension also includes a download URL for the issuer certificate and an optional URL for the OCSP of the issuer certificate.
The subject alternative names extension allows for additional identities to be associated with the certificate's subject. These identities may include an email address, a DNS name, an IP address, or a uniform resource identifier (URI) (optional).
Please provide details about the different entities involved in a Public Key Infrastructure (PKI), their respective roles and duties. Additionally, please click on the "+" button to display a text box where you can enter the Certificate Policy. This is optional. Finally, the CRL distribution points extension is responsible for identifying how CRL information is obtained.
After entering the required information, click on the "Save and Proceed" button. The next page will be displayed automatically.
The details entered by the "Administrator" in step 2 are displayed on the page shown in the figure above.
Clicking the "Edit" button will redirect to the first step, pre-filled with existing details. The administrator can make changes and click on "Proceed" to save the updated data.
In the 2nd step Administrator should verify the data entered and admin should enter valid email id and token PIN. Click on Authenticate button
After you click on the "Confirm" button, you will be redirected to the next page which is shown in the figure below.
To access the "Manage certificate Profile" page, the Administrator can click on the "View all" option.
Clicking on the “+ New” button will redirect the administrator to the first step of the certificate profile creation process, where they can create a new profile.
The certificate profile that has been created will be updated on the "Manage Certificate Profile" page.