System information
| Profile Policy Set | Defaults | Constraints |
|---|---|---|
| | request. The default values are Criticality=false and OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4. | |
| userCertSet.8 - Subject Alt Name Constraint | Populates a Subject Alternative Name extension (2.5.29.17) to the request. The default values are Criticality=false and Record #0{Pattern:$request.requester_email$,Pattern Type:RFC822Name,Enable:true}. | No constraints |
| userCertSet.9 - SigningAlg | Populates the certificate signing algorithm. The default value is Algorithm=SHA1withRSA. | Accepts only the following signing algorithms: SHA1withRSA, SHA256withRSA, SHA512withRSA, MD5withRSA, MD2withRSA |

a The keytype should be RSA.
b The key length should be between 512 and 4096.
Table 3.2. caUserCert Profile Policy Sets
• Profile outputs.
The Certificate Output output displays the certificate in pretty print format and cannot be
configured or changed. This output needs to be specified for any automated enrollment. Once
a user successfully authenticates using the automated enrollment method, the certificate is
automatically generated, and this output page is returned to the user. In an agent-approved
enrollment, the user can get the certificate, once it is issued, by providing the request ID in
the CA end entities page. (There is no output page associated with agent-approved
enrollment.)
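As an added example (not part of the original guide or of the Certificate System code), the following Python sketch audits the signing-algorithm and key-length settings that Table 3.2 lists for caUserCert, flags the MD2, MD5 and SHA-1 based algorithms and RSA keys below 2048 bits, and proposes tightened values. The property names, the key-constraint set number, the 2048-bit floor and the SHA256withRSA replacement default are assumptions of the example.

```python
# Added example: audit signing-algorithm and key-length settings of a profile.
# Property names, set number 3 and both thresholds are assumptions of this sketch.
WEAK_DIGESTS = {"MD2", "MD5", "SHA1"}  # digests no longer safe for signatures
MIN_RSA_BITS = 2048                    # assumed organisational minimum

# Constructed sample mirroring the values listed in Table 3.2 and its footnotes.
SAMPLE_CFG = """\
policyset.userCertSet.9.default.params.signingAlg=SHA1withRSA
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.constraint.params.keyMinLength=512
policyset.userCertSet.3.constraint.params.keyMaxLength=4096
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def is_weak(alg):
    """True if the digest part of e.g. 'SHA1withRSA' is in WEAK_DIGESTS."""
    return alg.split("with", 1)[0].upper() in WEAK_DIGESTS

def audit(props):
    """Return (findings, hardened_props) for the supplied profile properties."""
    findings, hardened = [], dict(props)
    for key, value in props.items():
        if key.endswith(".signingAlgsAllowed"):
            algs = [a.strip() for a in value.split(",") if a.strip()]
            weak = [a for a in algs if is_weak(a)]
            if weak:
                findings.append(f"{key}: accepts weak {','.join(weak)}")
                hardened[key] = ",".join(a for a in algs if not is_weak(a))
        elif key.endswith(".signingAlg") and is_weak(value):
            findings.append(f"{key}: default is weak {value}")
            hardened[key] = "SHA256withRSA"  # assumed replacement default
        elif key.endswith(".keyMinLength") and value.isdigit() and int(value) < MIN_RSA_BITS:
            findings.append(f"{key}: {value}-bit RSA keys allowed")
            hardened[key] = str(MIN_RSA_BITS)
    return findings, hardened

if __name__ == "__main__":
    findings, hardened = audit(parse_cfg(SAMPLE_CFG))
    print("\n".join(findings), hardened, sep="\n")
```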
4. How Certificate Profiles Work
An administrator sets up a certificate profile by associating an existing authentication plug-in, or
method, with the certificate profile; enabling and configuring defaults and constraints; and
defining inputs and outputs. The administrator can use the existing certificate profiles, modify
the existing certificate profiles, create new certificate profiles, and delete any certificate profile
that will not be used in the PKI.
Once a certificate profile is set, it appears on the Manage Certificate Profiles page, where an