
Server Certificate Profiles (TLS Sample)

Introduction

EJBCA Profiles, Creating certificate & end-entity profiles

Slide Deck: EJBCA Profiles

Overview: The TLSServerCertificate is very similar to the TLSClientCertificate, except that it is created with server authentication instead of client authentication. A certificate created with these options is able to authenticate to another server. This type of certificate will be used later in the training.

Slide Reference

Certificate profile properties

End entity profile properties

Both profiles are needed to issue a certificate

Reminder: you can visit the Accessing Your Environment page for details on how to connect to your Admin Web Portal.

Creating a Certificate Profile for TLS Server Certificates

  1. Open a browser and access your Admin Web Portal

  2. Click CA Functions >> Certificate Profiles

  3. On SERVER click Clone

  4. Enter TLSServerCertificateProfile and click Create from template

  5. Click Edit on the profile TLSServerCertificateProfile

  6. In the Available key algorithms list, select RSA

  7. In the Available bit lengths list, select 2048 bits

  8. In the Signature Algorithm list, select SHA256WithRSA

  9. In the Validity field, enter 2y

  10. For Key Usage make sure that Digital Signature and Key Encipherment are selected

  11. For Extended Key Usage make sure Server Authentication is selected

  12. In the Available CAs list, select Sub CA and ManagementCA

  13. Click Save

Creating an End Entity Profile for TLS Server Certificates

  1. Open a browser and access your Admin Web Portal

  2. Click RA Functions >> End Entity Profiles

  3. In the Add End Entity Profile field, enter TLSServerEndEntityProfile and click Add Profile

  4. Select TLSServerEndEntityProfile and click Edit End Entity Profile

  5. For End Entity E-mail deselect the check box

  6. In the Subject DN Attributes list, select O, Organization and click Add

  7. In the O, Organization field

    1. Enter the text PrimeKey Solutions AB

    2. Select Required

    3. Deselect Modifiable

  8. In the Subject DN Attributes list, select C, Country (ISO 3166) and click Add

  9. In the C, Country (ISO 3166) field

    1. Enter the text SE

    2. Select Required

    3. Deselect Modifiable

  10. In the Subject Alternative Name list, select DNS Name and click Add

  11. In the DNS Name field

    1. Make sure that Required is deselected

    2. Make sure that Modifiable is selected

  12. In the Default Certificate Profile list, select TLSServerCertificateProfile

  13. In the Available Certificate Profiles list, select TLSServerCertificateProfile

  14. In the Default CA list, select Sub CA

  15. In the Available CAs list, select Sub CA and ManagementCA

  16. In the Default Token list, select P12 file

  17. In the Available Tokens list, select P12 file, JKS file and PEM file

  18. Click Save
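
To confirm that a certificate issued with these two profiles carries the configured settings, its fields can be checked with OpenSSL. This is an added example, not part of the original training material: the function names and the self-signed sample certificate (CN server.example.test) are constructed for illustration, it assumes OpenSSL 1.1.1 or later, and it does not check the validity period or the optional DNS Name.

```sh
#!/bin/sh
# Added example: audit a PEM certificate against the profile settings above.

# _expect LABEL REGEX TEXT: print a FAIL line and set rc=1 if REGEX is absent.
_expect() {
    printf '%s\n' "$3" | grep -Eq "$2" || { echo "FAIL: $1"; rc=1; }
}

# check_tls_server_cert FILE: returns 0 only if every checked setting is present,
# 1 if a setting is missing, 2 if the file cannot be parsed as a certificate.
check_tls_server_cert() {
    rc=0
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    _expect "RSA key"                   'Public Key Algorithm: rsaEncryption' "$text"
    _expect "2048-bit key"              'Public-Key: \(2048 bit\)' "$text"
    _expect "SHA256WithRSA signature"   'Signature Algorithm: sha256WithRSAEncryption' "$text"
    _expect "KU Digital Signature"      'Digital Signature' "$text"
    _expect "KU Key Encipherment"       'Key Encipherment' "$text"
    _expect "EKU Server Authentication" 'TLS Web Server Authentication' "$text"
    _expect "O=PrimeKey Solutions AB"   '(^|[=, ])O=PrimeKey Solutions AB(,|$)' "$subj"
    _expect "C=SE"                      '(^|[=, ])C=SE(,|$)' "$subj"
    return "$rc"
}

# make_sample_cert OUT [EKU]: constructed self-signed stand-in for a certificate
# issued by EJBCA, so the check can be tried offline. EKU defaults to serverAuth.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 730 \
        -keyout "$1.key" -out "$1" \
        -subj "/C=SE/O=PrimeKey Solutions AB/CN=server.example.test" \
        -addext "keyUsage=critical,digitalSignature,keyEncipherment" \
        -addext "extendedKeyUsage=${2:-serverAuth}" 2>/dev/null
}

# Demo on the constructed sample; replace the path with the issued PEM file.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/sample.pem"
check_tls_server_cert "$demo_dir/sample.pem" && echo "OK: matches the profile settings"
rm -rf "$demo_dir"
```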
