Setting up TLS Issuance

For TLS Issuance, firstly Administrator needs to create a TLS Certificate Profile, using which an Officer can create and issue the TLA certificate.

TLS Certificate Profile Creation

  1. Login as an Administrator

  2. Click on Manage Profiles

    1. Certificate Profiles -> X509

  1. Click on “+New Profile” to create a new certificate profile

  1. Basic Information

    1. Profile Type: User for SSL/ TLS Certificates

    2. Sub Type: New

    3. Profile Name: anything for identification

    4. Validity: as per your Region Certifying Authority Guidelines

    5. Issuing CA: Select your Issuer CA

    6. Signature Algorithm: Select the preferred Algorithm type for SSL/TLS Certificate

  2. Subject DN Details: Select as per your SSL Guidelines

    1. Common Name

    2. Email

    3. Country

    4. Organization

    5. Organization Unit

  1. Certificate Extensions: Select as per your SSL Guidelines

    1. Basic Constraint

    2. Key Usage

    3. Enhanced Key Usage

    4. Authority Key Identifier

    5. Subject Key Identifier

    6. Subject Alternative Name

    7. CRL Distribution Points

    8. Certificate Policy

    9. Authority Information Access

Authentication: Administrator needs to authentication for Security Purpose

X509 TLS Certificate Profile successful creation after successful authentication.

Same certificate with the profile basic information and status will be displayed under the menu. An Officer can issue the TLS using this Certificate Profile created by Administrator.

TLS Certificate Issuance

Officer can use the TLS Certificate Profile created by Administrator to create and issue the TLS Certificates or Sign CSR for TLS Certificates as a CA. This section covers both.

Issue New TLS Certificate

  1. Login as an Officer

  2. Click on Manage User Certificates -> Enroll

  3. Select the Token (Soft/Hard) where the Certificate needs to be stored

  4. Select the TLS Certificate Profile that Administrator has created

  5. Enter Subject DN, SAN, and other details as per the Certificate Profile

  6. Authentication as an Officer before requesting to create the certificate for security purposes

  1. After successful authentication, please proceed to “Create” the certificate.

  1. Certificate will be ready to “Download”

Sign CSR

If the request is coming from Client/ externals in the form of CSR – follow this tutorial.

  1. Login as an Officer

  2. Click on Manage User Certificates -> Sign CSR

  3. Select the Configuration Type, either file Upload or Text Area

  4. Select the Certificate Profile crested by Administrator

  5. Finally, the Certifying Authority (CA)

  1. Click on Proceed

  2. Enter CSR details as per the Certificate Profile

    1. Common Name

    2. Email

    3. Country

    4. Organization

    5. Organization Unit

    6. SAN details

  1. Check Other details

    1. Key Size

    2. Certificate Profile

    3. Certifying Authority

  2. Click on Proceed

  1. Authenticate as an Officer

  2. Finally, Sign CSR

Signed CSR as a CA will be ready to download for TLS issuance.

PreviousTutorials and GuidesNextSetting up Client Auth Certificates

Last updated