Setting up Client Auth Certificates

For Client Auth Certificates, firstly Administrator needs to create a Client Authentication Certificate Profile, using which an Officer can create and issue the certificates.

Client Auth Certificate Profile Creation

  1. Login as an Administrator

  2. Click on Manage Profiles

    1. Certificate Profiles -> X509

  1. Click on “+New Profile” to create a new certificate profile

  1. Basic Information

    1. Profile Type: User for Client Auth Certificates

    2. Sub Type: New

    3. Profile Name: anything for identification

    4. Validity: as per your Region Certifying Authority Guidelines

    5. Issuing CA: Select your Issuer CA

    6. Signature Algorithm: Select the preferred Algorithm type for Client Auth Certificates

  2. Subject DN Details: Select as per your SSL Guidelines

    1. Common Name

    2. Email

    3. Country

    4. Organization

    5. Organization Unit

  1. Certificate Extensions: Select as per your SSL Guidelines

    1. Basic Constraint

    2. Key Usage

    3. Enhanced Key Usage

    4. Authority Key Identifier

    5. Subject Key Identifier

    6. Subject Alternative Name

    7. CRL Distribution Points

    8. Certificate Policy

    9. Authority Information Access

  1. Authentication: Administrator needs to authentication for Security Purpose

  2. X509 Client Auth Certificate Profile creates successfully.

  1. Same certificate with the profile basic information and status will be displayed under the menu. An Officer can issue the TLS using this Certificate Profile created by Administrator.

Client Auth Certificate Issuance

Officer can use the Client Auth Certificate Profile created by Administrator to create and issue the Client Auth Certificates or Sign CSR for Client Auth Certificates as a CA. This section covers both.

Enroll New Client Auth Certificate

  1. Login as an Officer

  2. Click on Manage User Certificates -> Enroll

  3. Select the Token (Soft/Hard) where the Certificate needs to be stored

  4. Select the Client Auth Certificate Profile that Administrator has created

  5. Enter Subject DN, SAN, and other details as per the Certificate Profile

  6. Authentication as an Officer before requesting to create the certificate for security purposes

  1. After successful authentication, please proceed to “Create” the certificate.

  1. Certificate will be ready to “Download”.

Sign CSR

If the request is coming from Client/ externals in the form of CSR – follow this tutorial.

  1. Login as an Officer

  2. Click on Manage User Certificates -> Sign CSR

  3. Select the Configuration Type, either file Upload or Text Area

  4. Select the Certificate Profile crested by Administrator

  5. Finally, the Certifying Authority (CA)

  1. Click on Proceed

  2. Enter CSR details as per the Certificate Profile

    1. Common Name

    2. Email

    3. Country

    4. Organization

    5. Organization Unit

    6. SAN details

  1. Check Other details

    1. Key Size

    2. Certificate Profile

    3. Certifying Authority

  2. Click on Proceed

  3. Authenticate as an Officer

  4. Finally, Sign CSR

Signed CSR as a CA will be ready to download for TLS issuance.

PreviousSetting up TLS IssuanceNextPrevious Release Versions

Last updated