Create SubCA Certificate Profile
Last updated
Last updated
After logging in, navigate to the dashboard page and click on "Manage Profiles". From there, select the "Certificate Profile" sub-menu as displayed in the figure below.
To create a Sub CA profile, you must first create a CA profile. This can be either a self-signed CA or a CA with an issuer as ROOT. Follow the steps above to create a self-signed CA and you will receive the list shown below.
Click on "New Profile" button on the Manage Certificate Profile page (refer to the figure below).
In the above shown in figure
By default “Root” radio button will be selected. Select CA.
Enter the Profile name
Enter validity in no. of days, hour, minutes and seconds. Certificate created using this profile will have selected validity.
Select the CA from the issuing CA dropdown.
By default Basic Constraint is “None” and Administrator can select from 0 to 6 to maintain that many number of sub CA’s or maintain certificate hierarchy. This option will be enabled only for “CA.
Subject DN (Country, organization etc.) attributes can be added by selecting the checkbox available beside the attributes and from dropdown menu select one of these (Printable String, BitString, IA5String, BMPString, UTF8String). You can arrange the sequence of attributes that needs to be shown in the certificate by drag and drop.
Optional: Customize OID click on + button and enter valid OID and corresponding value (OID “2.5.4.4” which corresponds to surname value is “Patel” which can be added during certificate creation.
Customize OID will add Subject DN where User can add additional Distinguish Name by entering OID and Value
Choose the key Usage from dropdown. select at least one key usage
Choose the Enhanced Key Usage from dropdown (Optional). Note: Enhanced Key Usage indicates one or more purposes for which the certified public key may be used, in addition to basic purposes indicated in the key usage.
The authority key identifier extension provides a means of Identifying the public key corresponding to the private key used to sign a certificate. (Optional)
The subject information access extension indicates how to access information and services for the subject of the certificate in which the extension appears. access extension indicates how to access CA information and services for the issuer of the certificate in which the extension appears. URL of the Issuer certificate for download. URL of the OCSP for issuer certificate. (Optional)
The subject alternative names extension allows additional identities to be bound to the subject of the certificate. It may include an email address, a DNS name, an IP address, and a uniform resource identifier (URI) (Optional).
The CRL distribution points extension identifies how CRL information is obtained. state what are the different entities of a public key infrastructure (PKI), their roles and their duties. Click on (+) button, should display text box to enter Certificate policy. (Optional)
The above page as shown in figure above displays the details entered by “Administrator” in step 2.
Click on “Edit” button will redirect to first step with filled details, Admin can edit the data click on “Proceed”.
In the 2nd step Admin should verify the data entered and admin should click on Authenticate button after entering with valid email ID and token PIN.
Click on “Confirm” will redirect to next page as shown in figure below
Clicking on the “View all” button will redirect the Administrator to the “Manage certificate Profile” page.
Clicking on “+ New “will redirect the Administrator to step 1 of Certificate Profile creation, where the admin should be able to create a new certificate profile.
The created certificate profile will be updated on the “Manage certificate profile” page.