Create OCSP Certificate

After logging in, navigate to the dashboard page and click on the Profile Management tab. From there, select the Certificate Profile sub-menu, as shown in the figure below.

Click on the "New Profile" button on the Manage Certificate Profile page, as shown in the figure below.

In the above shown figure :

By default “Root” radio button will be selected. Please select OCSP radio button.

Enter the Profile name

Choose validity in terms of no. of days, Hours, Minutes, Seconds. Certificate created using this profile will have selected validity.

Choose issuing CA from dropdown.

By default Basic Constraint is “End Entity”.

Choose the key Usage from dropdown. Select at least one key usage.

Choose the Enhanced Key Usage from dropdown (Optional). Note: Enhanced Key Usage indicates one or more purposes for which the certified public key may be used, in addition to basic purposes indicated in the key usage.

Subject DN (Country, organization etc.) attributes can be added by selecting the checkbox available beside the attributes and from dropdown menu select one of these (Printable String, BitString, IA5String, BMPString, UTF8String). You can arrange the sequence of attributes that needs to be shown in the certificate by drag and drop.

Optional: Customize OID click on + button and enter valid OID and corresponding value (OID “2.5.4.4” which corresponds to surname

Customize OID will add Subject DN where User can add additional Distinguish Name by entering OID and Value.

The authority key identifier extension provides a means of Identifying the public key corresponding to the private key used to sign a certificate. (Optional)

The subject information access extension indicates how to access information and services for the subject of the certificate in which the extension appears. access extension indicates how to access CA information and services for the issuer of the certificate in which the extension appears. URL of the Issuer certificate for download. URL of the OCSP for issuer certificate. (Optional)

The subject alternative names extension allows additional identities to be bound to the subject of the certificate. It may include an email address, a DNS name, an IP address, and a uniform resource identifier (URI) (Optional).

The CRL distribution points extension identifies how CRL information is obtained. state what are the different entities of a public key infrastructure (PKI), their roles and their duties. Click on (+) button, should display text box to enter Certificate policy. (Optional)

Click on “Proceed” below page will be displayed.

The above page as shown in figure above displays the details entered by “Administrator” in step 1.

Click on “Edit” button will redirect to first step with filled details, Admin can edit the data click on “Save and Proceed”.

In the 2nd step Admin should verify the data entered and admin should sign and Authenticate with valid email ID and token PIN.

Click on “Confirm” will redirect to next page as shown in figure below.

Clicking on “View all” will redirect Administrator to “Manage certificate Profile” page.

Clicking on “+ New“ will redirect Administrator to step1 of certificate Profile creation where admin should be able to create new certificate profile.

Created certificate profile will be updated in “Manage certificate profile” page.