Create attribute certificate procedure in Certificate Manager
This article includes updates for CM 8.10.
This article describes how to create an attribute certificate procedure in Smart ID Certificate Manager (CM). An attribute certificate procedure defines the parameters to be used when issuing an attribute certificate within the Certificate Authority (CA). This task is done in the Administrator's workbench (AWB) in Certificate Manager.
Prerequisites
The following prerequisites apply:
Two administration officers must sign the request.
Both officers must have the following roles:
Use AWB
Policy tasks
A connection to the CM host must have been established (see Connect to a Certificate Manager host).
The following information is required by the administration officer during the task:
The procedure name that will appear in the explorer bar
The key usage of the base certificate
The name of the issuing CA and, if applicable, its CA chain
The AC format, that is, the format to be used for the attribute certificate
The distribution rules to be used
The certificate validity period and the signature algorithm required
If the optional extensions certificate policy or authority information access will be used, all the necessary object identifier (OID), qualifier and access location information must be available
It is recommended that any formats that are not yet available be generated before performing this task.
Create attribute certificate procedure
Clicking Save at any time during the creation of the attribute certificate procedure, before clicking OK, will save the data and place the incomplete procedure request in the Attribute Certificate procedures sub-group.
To complete the creation of the attribute certificate procedure at a later stage:
Highlight the procedure in the explorer bar.
Select Modify from the Edit menu, the toolbar, or the right-click shortcut menu.
To create an attribute certificate procedure:
In AWB, select New > Attribute Certificate procedure.
In the Create Attribute Certificate Procedure Request dialog, enter the Procedure name that should appear in the Attribute Certificate procedures sub-group in the explorer bar. This field is mandatory.
Set the procedure State to Active or Closed as required.
Select the Base certificate key usage by checking the appropriate check boxes. The base certificate is the public key certificate to which this attribute certificate is linked.
Click the Issuing CA browse button to open the Select Authority window.
Click on the required CA to highlight it and click OK. The selected CA appears in the Issuing CA field. This field is mandatory.
Click on the AC format browse button to open the Select certificate format window. This field is mandatory.
Note that, depending on the parameter settings in the AC format file, if the attribute certificate procedure's validity date extends beyond the CA certificate's expiration date, the corresponding token procedure will not be visible in the RA client and the RA client can truncate the expiration date of the end-user certificate to that of the CA certificate expiration date. For more information regarding certificate formats, refer to the "Certificate Format" chapter in the Technical Description.
Click on the required format to highlight it and click OK. The selected attribute certificate format appears in the AC format field.
In Distribution rules, click + to add a distribution rule. Add all relevant distribution rules.
In Distribution rules, edit the processing order if needed. To change the order, select a rule and use the arrow buttons to move it.
The distribution rules will be processed in the order selected and then stored to CMDB.
In Certificate validity, select in turn the years, months, days, hours, and minutes, and adjust the numbers with the arrows. The date and time units may also be entered manually.
Select the required Signature algorithm from the drop-down list.
If any of the optional extensions certificate Policy or Authority information access are required, see Create certificate procedure in Certificate Manager.
If QC Statements are required, see Create certificate procedure in Certificate Manager.
If the certificates issued with this attribute certificate procedure should be covered by a special CRL distribution point, select the CRL procedure in the CRL Procedure field. Also check Explicit distribution points if issued attribute certificates should only add the distribution points from the selected CRL procedure. For more information, see Create CRL procedure in Certificate Manager, section "Partition CRL on distribution point".
Click OK and sign the request. See Sign tasks in Certificate Manager for more information.
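The note in the AC format step about validity extending beyond the CA certificate's expiration date can be checked before the procedure is signed. The following is an added example written for this page, not code from Certificate Manager: it models that rule for a configured Certificate validity and finds the last issuance time at which the full period still fits inside the CA certificate's lifetime. The function names, the calendar rule used for years and months, and the sample dates are assumptions.

```python
import calendar
from datetime import datetime, timedelta, timezone


def add_validity(start, years=0, months=0, days=0, hours=0, minutes=0):
    """Add a validity period given in the units of the Certificate validity field."""
    # Assumption: years/months use calendar arithmetic, clamping the day to the
    # length of the target month (31 Jan + 1 month -> 28/29 Feb).
    index = start.month - 1 + months + 12 * years
    year, month = start.year + index // 12, index % 12 + 1
    day = min(start.day, calendar.monthrange(year, month)[1])
    shifted = start.replace(year=year, month=month, day=day)
    return shifted + timedelta(days=days, hours=hours, minutes=minutes)


def check_validity(issue_time, ca_not_after, **period):
    """Return (requested_end, effective_end, exceeds_ca) for one issuance."""
    requested = add_validity(issue_time, **period)
    # Effective end models truncation to the CA certificate's expiration date.
    return requested, min(requested, ca_not_after), requested > ca_not_after


def last_full_validity_issue_time(now, ca_not_after, **period):
    """Latest whole minute from `now` at which the full period still fits, else None."""
    if add_validity(now, **period) > ca_not_after:
        return None
    lo, hi = 0, int((ca_not_after - now).total_seconds() // 60)
    while lo < hi:  # binary search: add_validity never decreases as start grows
        mid = (lo + hi + 1) // 2
        if add_validity(now + timedelta(minutes=mid), **period) <= ca_not_after:
            lo = mid
        else:
            hi = mid - 1
    return now + timedelta(minutes=lo)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real CA.
    now = datetime(2024, 1, 31, 12, 0, tzinfo=timezone.utc)
    ca_end = datetime(2025, 6, 30, 0, 0, tzinfo=timezone.utc)
    for period in ({"months": 1}, {"years": 1}, {"years": 2}):
        requested, effective, exceeds = check_validity(now, ca_end, **period)
        cutoff = last_full_validity_issue_time(now, ca_end, **period)
        print(period, requested, effective, "EXCEEDS CA" if exceeds else "ok", cutoff)
```

A cutoff of None means the configured validity already exceeds the CA certificate's remaining lifetime, so either the validity or the CA renewal schedule needs attention before the procedure is set to Active.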
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.