Difference between revisions of "Certificate Profiles"

From Dogtag
Jump to: navigation, search
(Overview)
(Overview)
Line 1: Line 1:
 
= Overview =
 
= Overview =
 +
Enrollment Profile Framework:
 +
 +
[[File: PKI_ProfileFramework.png]]
  
 
The Certificate System uses certificate profiles to configure the content of the certificate, the constraints for issuing the certificate, the enrollment method used, and the input and output forms for that enrollment. A single certificate profile is associated with issuing a particular type of certificate.
 
The Certificate System uses certificate profiles to configure the content of the certificate, the constraints for issuing the certificate, the enrollment method used, and the input and output forms for that enrollment. A single certificate profile is associated with issuing a particular type of certificate.
Line 9: Line 12:
 
* [[System Certificate Profiles]] - used to generate system certificates during installation
 
* [[System Certificate Profiles]] - used to generate system certificates during installation
 
* [[CA Certificate Profiles]] - provided by CA for use by end-entities post installation
 
* [[CA Certificate Profiles]] - provided by CA for use by end-entities post installation
 
Enrollment Profile Framework:
 
 
[[File: PKI_ProfileFramework.png]]
 
  
 
= Components =
 
= Components =

Revision as of 21:19, 13 August 2019

Overview

Enrollment Profile Framework:

PKI ProfileFramework.png

The Certificate System uses certificate profiles to configure the content of the certificate, the constraints for issuing the certificate, the enrollment method used, and the input and output forms for that enrollment. A single certificate profile is associated with issuing a particular type of certificate.

A set of certificate profiles is included for the most common certificate types; the profile settings can be modified. Certificate profiles are configured by an administrator, and then sent to the agent services page for agent approval. Once a certificate profile is approved, it is enabled for use. A dynamically-generated HTML form for the certificate profile is used in the end-entities page for certificate enrollment, which calls on the certificate profile. The server verifies that the defaults and constraints set in the certificate profile are met before acting on the request and uses the certificate profile to determine the content of the issued certificate.

Certificate profiles can be crafted to meet all kinds of needs. For example:

Components

References