# Setting up TLS Issuance

For TLS issuance, an Administrator first needs to create a TLS Certificate Profile, which an Officer can then use to create and issue the TLS certificate.

## TLS Certificate Profile Creation

1. Login as an Administrator
2. Click on Manage Profiles
   1. Certificate Profiles -> X509

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2F6LjMIS0M78iDFceNItGY%2Fimage.png?alt=media&#x26;token=2481c799-84a3-4c23-9a6d-30ed6aa6d67f" alt=""><figcaption></figcaption></figure>

3. Click on “+New Profile” to create a new certificate profile

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FvUsJD2YQn8jeiCmFdo7A%2Fimage.png?alt=media&#x26;token=5b0051bf-04b3-4188-839e-ea2f7f171da5" alt=""><figcaption></figcaption></figure>

4. Basic Information
   1. Profile Type: User for SSL/TLS Certificates
   2. Sub Type: New
   3. Profile Name: anything for identification
   4. Validity: as per your Region Certifying Authority Guidelines
   5. Issuing CA: Select your Issuer CA
   6. Signature Algorithm: Select the preferred Algorithm type for SSL/TLS Certificate
5. Subject DN Details: Select as per your SSL Guidelines
   1. Common Name
   2. Email
   3. Country
   4. Organization
   5. Organization Unit

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2F08IzpDzUhuJkrCNmNGf1%2Fimage.png?alt=media&#x26;token=47cf5433-8f78-410c-9d5b-5c65fd0f97ec" alt=""><figcaption></figcaption></figure>

6. Certificate Extensions: Select as per your SSL Guidelines
   1. Basic Constraint
   2. Key Usage
   3. Enhanced Key Usage
   4. Authority Key Identifier
   5. Subject Key Identifier
   6. Subject Alternative Name
   7. CRL Distribution Points
   8. Certificate Policy
   9. Authority Information Access

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FBYO99D2IMYSFTDVqeD3w%2Fimage.png?alt=media&#x26;token=67a3215c-dc9d-4b14-be44-ab2d4d426cc0" alt=""><figcaption></figcaption></figure>

Authentication: the Administrator needs to authenticate for security purposes.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FBJ82cFqdeEO8gguMnr7g%2Fimage.png?alt=media&#x26;token=d3eeaa46-47b3-4844-812d-4353f03ec132" alt=""><figcaption></figcaption></figure>

The X509 TLS Certificate Profile is created after successful authentication.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FEq5U0aQMJ45AVswiz7iA%2Fimage.png?alt=media&#x26;token=0bb6f853-1e50-4ef7-abcd-c2b6f1a46e57" alt=""><figcaption></figcaption></figure>

The same certificate profile, with its basic information and status, will be displayed under the menu. An Officer can issue TLS certificates using this Certificate Profile created by the Administrator.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2F3OCpGTqalEKVUFhBudBU%2Fimage.png?alt=media&#x26;token=77f0d335-d4f2-4210-aacf-b2ca7675f2fb" alt=""><figcaption></figcaption></figure>

## TLS Certificate Issuance

An Officer can use the TLS Certificate Profile created by the Administrator either to create and issue TLS certificates, or to sign a CSR for a TLS certificate as a CA. This section covers both.

### **Issue New TLS Certificate**

1. Login as an Officer
2. Click on Manage User Certificates -> Enroll
3. Select the Token (Soft/Hard) where the Certificate needs to be stored
4. Select the TLS Certificate Profile that Administrator has created
5. Enter Subject DN, SAN, and other details as per the Certificate Profile
6. Authenticate as an Officer before requesting to create the certificate, for security purposes

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FmCMYIYkbTp2I1oqPjHfy%2Fimage.png?alt=media&#x26;token=7458a6f0-c7e1-4ea2-9e61-75558505eb3a" alt=""><figcaption></figcaption></figure>

7. After successful authentication, please proceed to “Create” the certificate.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FQ7yCwW05P9xRSyLq6mhs%2Fimage.png?alt=media&#x26;token=01112dad-954b-4ace-ba2a-8a29c9058349" alt=""><figcaption></figcaption></figure>

8. Certificate will be ready to “Download”

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FuhO0olqd3pAvtQWZVQ6R%2Fimage.png?alt=media&#x26;token=67ec5117-796d-4d3b-b0ef-86a5f49b7ca6" alt=""><figcaption></figcaption></figure>

### **Sign CSR**

If the request comes from a client or an external party in the form of a CSR, follow this tutorial.

1. Login as an Officer
2. Click on Manage User Certificates -> Sign CSR
3. Select the Configuration Type, either file Upload or Text Area
4. Select the Certificate Profile created by the Administrator
5. Finally, select the Certifying Authority (CA)

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FiZpQEpkKVmrLJxWyGWNI%2Fimage.png?alt=media&#x26;token=80d41256-3b64-4e73-91ae-5eb9aa1e482b" alt=""><figcaption></figcaption></figure>

6. Click on Proceed
7. Enter CSR details as per the Certificate Profile
   1. Common Name
   2. Email
   3. Country
   4. Organization
   5. Organization Unit
   6. SAN details

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FKOU2zeYpIA4MJSvsKY6E%2Fimage.png?alt=media&#x26;token=b7ada72e-ac3d-4a9d-9e46-b43c860e8487" alt=""><figcaption></figcaption></figure>

8. Check Other details
   1. Key Size
   2. Certificate Profile
   3. Certifying Authority
9. Click on Proceed

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2F43oil4nGFh0SgEgSXbcw%2Fimage.png?alt=media&#x26;token=8101da23-05ae-4c84-b067-10d098fe4837" alt=""><figcaption></figcaption></figure>

10. Authenticate as an Officer
11. Finally, Sign CSR

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2F581p3g7GoCwonAfggYK5%2Fimage.png?alt=media&#x26;token=49b6cb51-a593-441d-9808-9b0c19dadb31" alt=""><figcaption></figcaption></figure>

The CSR signed by the CA will be ready to download for TLS issuance.
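
Before uploading a CSR received from an external party, an Officer can review it offline against the values that steps 7 and 8 ask for (Subject DN fields, SAN, key size). The script below is an added example using the OpenSSL command line, not part of the product or its documentation; the `REQUIRED_DN` list, the 2048-bit RSA floor, the function names, and the sample subject are assumptions standing in for your own Certificate Profile.

```shell
# Added example (not vendor code). REQUIRED_DN and the 2048-bit RSA floor are
# assumptions standing in for your Certificate Profile.
REQUIRED_DN="CN emailAddress C O OU"

# check_csr FILE [MIN_RSA_BITS]: print findings; return 0 only if all pass.
check_csr() (
  csr=$1; min_bits=${2:-2048}; rc=0

  # Self-signature proves the requester holds the matching private key.
  if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK"; then
    echo "FAIL: CSR self-signature does not verify"; return 1
  fi
  text=$(openssl req -in "$csr" -noout -text)
  subject=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253)
  subject=${subject#subject=}

  # Subject DN attributes the profile expects (RFC 2253 short names).
  for field in $REQUIRED_DN; do
    printf '%s\n' "$subject" | grep -Eq "(^|,)$field=" ||
      { echo "FAIL: subject DN is missing $field"; rc=1; }
  done

  # TLS clients match host names against the SAN, so it must be present.
  san=$(printf '%s\n' "$text" | grep -A1 "Subject Alternative Name" | tail -n 1)
  case $san in
    *DNS:*|*"IP Address:"*) echo "SAN:$san" ;;
    *) echo "FAIL: no DNS or IP entry in Subject Alternative Name"; rc=1 ;;
  esac

  # Key size, as shown on the "Check Other details" screen.
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  if printf '%s\n' "$text" | grep -q "rsaEncryption" && [ "${bits:-0}" -lt "$min_bits" ]; then
    echo "FAIL: RSA key is ${bits:-unknown} bits, below $min_bits"; rc=1
  fi
  return $rc
)

# make_sample_csr OUT BITS [SAN]: build a constructed test CSR (throwaway key).
make_sample_csr() {
  openssl req -new -newkey "rsa:$2" -nodes -keyout "$1.key" -out "$1" \
    -subj "/C=US/O=Example Corp/OU=IT/CN=www.example.test/emailAddress=admin@example.test" \
    ${3:+-addext} ${3:+"subjectAltName=$3"} 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_csr "$tmp/good.csr" 2048 "DNS:www.example.test"
check_csr "$tmp/good.csr" && echo "OK to sign under the profile"
```

A CSR with a non-RSA key skips the bit-length floor, so review its curve or parameters by hand against your guidelines.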
