Create a Certificate Profile and a Certificate Template
In order to utilize your external CA for certificate issuance, you must first set up the profiles and templates that will be available for enrollment.
A Certificate Profile defines the criteria by which a certificate can be created, such as key type and size.
A Certificate Template maps that profile to a product with your CA and further defines criteria such as organization name or lifetime.
Create a Certificate Profile
Within the Gateway Portal, click Certificate Profiles under the Command Gateway logo.
Click the Add button to add a new Certificate Profile. Enter a name for your profile in the Name field. Then enter the key specifications for this enrollment type in the Key Algorithms section.
Note: The CA must support the key requirements for the request to be successful. For example, if your CA does not support a 1024 bit keysize, the request will fail when sent to the CA.
Create a Certificate Template
Next, you’ll need to create a template for Command to use when a certificate is requested by an end user. This step allows for parameters to be set for submission to DigiCert, regardless of user or CSR specified values, such as DigiCert product, lifetime, and renewal/reissue window.
Note: The Gateway supports multiple templates.
To create a template, click the Templates tab on the Edit CA window.
In the Certificate Profile field, select the Certificate Profile that will be used with Template - this is like setting the minimum requirements for the certificate. In the Product ID field, select the product that will be ordered from your external CA when this Certificate Template is used.
To associate the request to an organization within your CA's account, click the Organization-Name parameter key. Then click the Edit button.
Note: Enter the organization name exactly as it is shown on the CA (DigiCert) side. Then click Save.
For information on adding, editing, or managing Certificate Authorities, refer to the ANYCA REST Documentation.