RA Administrator Role

Introduction

EJBCA Roles - Create RA Administrator role

Slide Deck: EJBCA Roles

Overview: This section creates the "RA administrator" role, and creates a new group for this user. Refer to the chart for an overview of permissions this role is assigned.

Slide Reference

Reminder you can visit the Accessing Your Environment page for details on how to connect to your RA web portal

Create the RA Administrator Certificate

1. Open a browser and click RA Web, from the ribbon menu across the top of page

2. Click Enroll >> Make New Request

3. In the Certificate Type drop-down list, select AdministratorEndEntityProfile

4. In the Key-pair generation selection, select By the CA

5. In the CN, Common name field, enter training_RAAdmin

6. In the Username field, enter training_RAAdmin

7. In the Enrollment code field, enter foo123

8. In the Confirm enrollment code field, enter foo123

9. Click Download PKCS#12

10. Save the file

11. Import the P12 into Firefox. See the previous section entitled "Refresher on importing certificates into Firefox" under "SuperAdmin Role" for the steps.

Create a Role

1. Open a browser and access your Admin Web Portal

2. Click System Functions >> Roles and Access Rules

3. Click Add

4. Enter Training RA Administrator Role and click Add

Create the Access Rules

1. On Training RA Administrator Role click Access Rules

2. In the Role Template list, select RA Administrator

3. In the Authorized CAs list select ManagementCA and SubCA

4. In the End Entity Profiles list select TLSClientEndEntityProfile and TLSServerEndEntityProfile

5. In the Other Rules uncheck View Audit Log

6. Click Save

7. Click Back to Roles Management

Create the Matching Rule

1. On Training RA Administrator Role click Members

2. In the Match With list, select X509: CN, Common name

3. In the CA list, select ManagementCA

4. In the Match value field, enter training_RAAdmin

5. Click Add

6. Click Back to Roles Management