Chapter 13. Certificate Profiles

Chapter 13. Certificate Profiles

13.1. About Certificate Profiles
13.2. How Certificate Profiles Work
13.3. Setting up Certificate Profiles
13.3.1. Modifying Certificate Profiles through the CA Console
13.3.2. Modifying Certificate Profiles through the Command Line
13.3.3. Populating Certificates with Directory Attributes
13.3.4. Customizing the Enrollment Form
13.4. Certificate Profile Reference
13.5. Input Reference
13.5.1. Certificate Request Input
13.5.2. CMC Certificate Request Input
13.5.3. Dual Key Generation Input
13.5.4. File-Signing Input
13.5.5. Image Input
13.5.6. Key Generation Input
13.5.7. nsHcertificateRequest (Token Key) Input
13.5.8. nsNcertificateRequest (Token User Key) Input
13.5.9. Subject DN Input
13.5.10. Subject Name Input
13.5.11. Submitter Information Input
13.6. Output Reference
13.6.1. Certificate Output
13.6.2. PKCS #7 Output
13.6.3. CMMF Output
13.7. Defaults Reference
13.7.1. Authority Info Access Extension Default
13.7.2. Authority Key Identifier Extension Default
13.7.3. Basic Constraints Extension Default
13.7.4. CRL Distribution Points Extension Default
13.7.5. Extended Key Usage Extension Default
13.7.6. Freshest CRL Extension Default
13.7.7. Issuer Alternative Name Extension Default
13.7.8. Key Usage Extension Default
13.7.9. Name Constraints Extension Default
13.7.10. Netscape Certificate Type Extension Default
13.7.11. Netscape Comment Extension Default
13.7.12. No Default Extension
13.7.13. OCSP No Check Extension Default
13.7.14. Policy Constraints Extension Default
13.7.15. Policy Mappers Extension Default
13.7.16. Signing Algorithm Default
13.7.17. Subject Alternative Name Extension Default
13.7.18. Subject Directory Attributes Extension Default
13.7.19. Subject Key Identifier Extension Default
13.7.20. Subject Name Default
13.7.21. Token Supplied Subject Name Default
13.7.22. User Supplied Extension Default
13.7.23. User Supplied Key Default
13.7.24. User Signing Algorithm Default
13.7.25. User Supplied Subject Name Default
13.7.26. User Supplied Validity Default
13.7.27. Validity Default
13.8. Constraints Reference
13.8.1. Basic Constraints Extension Constraint
13.8.2. Extended Key Usage Extension Constraint
13.8.3. Extension Constraint
13.8.4. Key Constraint
13.8.5. Key Usage Extension Constraint
13.8.6. No Constraint
13.8.7. Netscape Certificate Type Extension Constraint
13.8.8. Signing Algorithm Constraint
13.8.9. Subject Name Constraint
13.8.10. Unique Subject Name Constraint
13.8.11. Validity Constraint

The Certificate System provides a customizable framework to apply policies for incoming certificate requests and to control the input request types and output certificate types; these are called certificate profiles. Certificate profiles set the required information for certificate enrollment forms in the Certificate Manager end-entities page. This chapter describes how to configure certificate profiles.