Create User CA Certificate
Last updated
Last updated
On the dashboard page after logging in, click Manage Profiles and then the Certificate Profile sub-menu. Refer to the figure below for guidance.
On the Manage Certificate Profile page, click on the “New Profile” button shown in the figure below.
In the above-shown figure :
By default “Root” radio button will be selected. Select User radio button.
Enter the Profile name
Enter validity in terms of days, Hour, Minute, Seconds. Certificate created using this profile will have selected validity.
Choose Issuing CA as Sub CA certificate created from dropdown.
By default Basic Constraint is “End Entity”.
Choose the key Usage from dropdown. By default Key Agreement, Key Certificate, CRL Sign will be selected.
Choose the Enhanced Key Usage from dropdown (Optional). Note: Enhanced Key Usage indicates one or more purposes for which the certified public key may be used, in addition to basic purposes indicated in the key usage.
Check the Is KRS enabled, to enable key recovery of user certificate created using this profile.
Check the Is CT Logs Enabled, to enable CT logs of user certificate created using this profile.
Check the Is Manual Authorization Enabled, to enable Manual Authorization of user certificate created using this profile.
Check the Support Customize Validity, to enable Support Customize Validity of user certificate created using this profile.
Subject DN (Country, organization etc.) attributes can be added by selecting the checkbox available beside the attributes and from dropdown menu select one of these (Printable String, BitString, IA5String, BMPString, UTF8String). You can arrange the sequence of attributes that needs to be shown in the certificate by drag and drop.
Optional: Customize OID click on + button and enter valid OID and corresponding value (OID “2.5.4.4” which corresponds to surname which is entered while certificate creation.
Customize OID will add Subject DN where User can add additional Distinguish Name by entering OID and Value.
The authority key identifier extension provides a means of Identifying the public key corresponding to the private key used to sign a certificate. (Optional)
The subject information access extension indicates how to access information and services for the subject of the certificate in which the extension appears. access extension indicates how to access CA information and services for the issuer of the certificate in which the extension appears. URL of the Issuer certificate for download. URL of the OCSP for issuer certificate. (Optional)
The subject alternative names extension allows additional identities to be bound to the subject of the certificate. It may include an email address, a DNS name, an IP address, and a uniform resource identifier (URI) (Optional).
The CRL distribution points extension identifies how CRL information is obtained. state what are the different entities of a public key infrastructure (PKI), their roles and their duties. Click on (+) button, should display text box to enter Certificate policy. (Optional)
Click on “Save and Proceed” below page as shown in figure below will be displayed.
The above figure displays the details entered by the “Administrator” in step 1.
Click on the “Edit” button will redirect to the first step with filled details; Admin can edit the data by clicking on “Save and Proceed”.
In the 2nd step, the Admin should verify the data entered, and admin should sign and Authenticate with a valid email ID and token PIN.
Click on “Confirm” will redirect to the next page as shown below in the figure
Clicking on “View All” will redirect the Administrator to the “Manage certificate Profile” page.
Clicking on “+ New“ will redirect the Administrator to step 1 of certificate Profile creation, where the admin should be able to create a new certificate profile.
The created certificate profile will be updated on the “Manage certificate profile” page.