Skip to main content
Skip table of contents

Step 8: Create Certificate Profiles for End Entities that use the SubCAs in Node A

Certificate Profiles define different types of certificates, with regards to DN-contents, extensions etc.
Create Certificate Profiles for the End Entities that will use the SubCAs (SignCA, AuthCA, SSLCA) you created in the previous steps.

The following sections describe the actions you have to perform.

Create Certificate Profile for End Entities that will use AuthCA in Node A

This section describes the creation of the Certificate Profile for the End Entities that will use AuthCA.

  1. Open CA Functions > Certificate Profiles.
  2. Enter AuthCAEndEntityCertificateProfile in the text field underneath the table.
  3. Click Add:



  4. AuthCAEndEntityCertificateProfile  is now listed in the List of Certificate Profiles. Search the entry and click Edit.
  5. The Edit window for AuthCAEndEntityCertificate Profile opens. Only the required entries are highlighted. All other settings can be applied. Make the following entries:

    • Type: Select End Entity
    • Available Key Algorithms:
    • Available bit lengths: Select 2048 bits
    • Signature Algorithm: Select Inherit from issuing CA
    • Validity: Enter 730d

    • Section 'Key usage'
      Enable: Use and Critical
      Enable Digital Signature
      Enable Key encipherment

    • Section 'Extended Key usage'
      Enable Use and select Client Authentication



    • Section 'Other data'
      Available CAs: Select AuthCA



  6. Click Save to finish.

Create Certificate Profile for End Entities that will use SignCA in Node A

This section describes the creation of the Certificate Profile for the End Entities that will use SignCA

  1. Open CA Functions > Certificate Profiles.
  2. Enter SignCAEndEntityCertificateProfile in the text field underneath the table.
  3. Click Add:



  4. Make the following entries:


    • Type: Select End Entity
    • Available bit lengths: Select 2048 bits
    • Signature Algorithm: Select Inherit from issuing CA
    • Validity: Enter 730d

      Section 'Key Usage'
    • Enable Digital Signature
    • Enable Non-repudiation

      Section 'Extended Key Usage'
    • Disable Use

      Section 'Other data'
    • Available CAs: Select SignCA




  5. Confirm your entries with Save.

Create Certificate Profile for End Entities that will use SSLCA in Node A

This section describes the creation of the certificate profile for the end entities that will use SSLCA. For that purpose you will clone a template.

  1. Open CA Functions > Certificate Profiles.
  2. Click Clone for SERVER.
  3. In the field Name of the new certificate profile enter SSLCAEndEntityCertificateProfile.
  4. Click Create from template:



  5. In Certificate Profiles, click Edit for the newly created profile.
  6. Make the following entries:

    • Type: Select End Entity
    • Available bit lengths: Select 2048 bits
    • Signature Algorithm: Select Inherit from issuing CA
    • Validity: Enter 730d
    • Key Usage: Enable Digital Signature
    • Extended Usage: Select Server Authentication

      Section Other data
    • Available CAs: Select SSLCA




  7. Confirm your entries with Save.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.