
CA Administrator Role

Introduction

EJBCA Roles - Create CA Administrator role

Slide Deck: EJBCA Roles

Overview: This section creates the "CA administrator" role, and also creates a new group for this user. Refer to the chart for an overview of permissions this role is assigned.

Slide Reference

Create a certificate for the role

User is granted access based on role membership

Permission matrix by role

Reminder: you can visit the Accessing Your Environment page for details on how to connect to your RA web portal.

Create the CA Administrator Certificate

  1. Open a browser and click RA Web in the ribbon menu across the top of the page

  2. Click Enroll >> Make New Request

  3. In the Certificate Type drop-down list, select AdministratorEndEntityProfile

  4. In the Key-pair generation selection, select By the CA

  5. In the CN, Common name field, enter training_CAAdmin

  6. In the Username field, enter training_CAAdmin

  7. In the Enrollment code field, enter foo123

  8. In the Confirm enrollment code field, enter foo123

  9. Click Download PKCS#12

  10. Save the file

  11. Import the P12 into Firefox. See the previous section entitled "Refresher on importing certificates into Firefox" under "SuperAdmin Role" for the steps.

Create a Role

  1. Open a browser and access your Admin Web Portal

  2. Click System Functions >> Roles and Access Rules

  3. Click Add

  4. Enter Training CA Administrator Role and click Add

Create the Access Rules

  1. On Training CA Administrator Role click Access Rules

  2. In the Role Template list, select CA Administrators

  3. In the Authorized CAs list, select Sub CA

  4. Click Save

  5. Click Back to Roles Management

Create the Matching Rule

  1. On Training CA Administrator Role click Members

  2. In the Match With list, select X509: CN, Common name

  3. In the CA list, select ManagementCA

  4. In the Match value field, enter training_CAAdmin

  5. Click Add

  6. Click Back to Roles Management
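The matching rule above grants role membership only when both the issuing CA and the CN of the presented certificate agree with the rule. The following added example (not EJBCA code and not part of the original page) models that check in Python; the class and function names, the constructed sample certificates, and the exact, case-sensitive comparison are assumptions of this model.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RoleMember:
    match_with: str    # DN attribute to compare, e.g. "CN"
    issuer_ca: str     # CA that must have issued the certificate
    match_value: str   # value the attribute must equal


@dataclass(frozen=True)
class ClientCert:
    subject_dn: str    # subject DN as a string
    issuer_ca: str     # CA name, assumed already resolved from a verified chain


def dn_values(dn: str, attr: str) -> list:
    """Return every value of `attr` in a comma-separated DN string."""
    values = []
    for rdn in re.split(r"(?<!\\),", dn):          # split on unescaped commas
        key, sep, value = rdn.strip().partition("=")
        if sep and key.strip().upper() == attr.upper():
            values.append(value.strip().replace("\\,", ","))
    return values


def is_member(cert: ClientCert, member: RoleMember) -> bool:
    """Both conditions must hold: same issuing CA and exact attribute value."""
    if cert.issuer_ca != member.issuer_ca:
        return False
    return member.match_value in dn_values(cert.subject_dn, member.match_with)


# The rule created in the steps above.
RULE = RoleMember("CN", "ManagementCA", "training_CAAdmin")

# Constructed sample certificates (not taken from a real environment).
SAMPLES = {
    "expected admin": ClientCert("CN=training_CAAdmin", "ManagementCA"),
    "same CN, other CA": ClientCert("CN=training_CAAdmin", "Sub CA"),
    "longer CN": ClientCert("CN=training_CAAdmin2", "ManagementCA"),
    "value in O, not CN": ClientCert("CN=other,O=training_CAAdmin", "ManagementCA"),
}


def evaluate_samples() -> dict:
    return {name: is_member(cert, RULE) for name, cert in SAMPLES.items()}


if __name__ == "__main__":
    for name, allowed in evaluate_samples().items():
        print(f"{name:20} -> {'member' if allowed else 'no match'}")
```

Only the first sample matches: a certificate carrying the same CN but issued by Sub CA is rejected, because the rule ties the CN to ManagementCA.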
