Certificate Authority Profile Name Configuration
If you have not made any configuration changes yet, please see How to make configuration changes
Introduction
The idenprotect Core Platform can integrate with an external CA or it can use its own internal CA. Not all parameters are required for all CA Types.
Other CA-related articles are Certificate Authority Server Configuration and Certificate Authority Stores Configuration.
For more information on specific Certificate Authorities, see one of the following articles:
- Internal Certificate Authority
- EJBCA
- Soap Services Certificate Authority
- Microsoft Certificate Services Certificate Authority
The idenprotect Core Platform submits Certificate Signing Requests to the external CA, and each signing request specifies the template to be used.
The requests will be for up to 3 different types of certificate:
1. Device/Default: Used to secure communications between the client and server
2. Secure Enclave: The key stored in the device's secure hardware
3. Ephemeral (ERSA): Key with a short lifetime used for mutual TLS
It is possible to specify which Certificate Template will be used by idenprotect for each certificate type when submitting signing requests to an external CA.
(These settings have no effect when using the internal CA)
Configurable Settings
- CA Profile Name Configuration in the idenprotect Core Platform Admin Console Config Tab
- Server file system in /etc/idenprotect/ca.properties
Parameter in Config Tab | Parameter in Properties File | Description |
---|---|---|
Default Certificate Profile | ca.certprofile.default | The certificate profile/template to be used when signing the Device Certificate or when no type is supplied by the client |
Secure Enclave (SECENC) Certificate Profile | ca.certprofile.signing | The certificate profile/template to be used when signing the Secure User Certificate stored in the device hardware |
ERSA Certificate Profile | ca.certprofile.enduser | The certificate profile/template to be used when signing the Ephemeral Certificate |
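
The property names do not mirror the certificate type names (Secure Enclave maps to `ca.certprofile.signing`, ERSA to `ca.certprofile.enduser`), so a mistyped key is easy to miss. The following check is an added example, not idenprotect code: it parses the text of a `ca.properties` file and reports which template each certificate type resolves to. The function names and the template names in the sample are constructed for illustration.

```python
# Added example: audit the three certificate-profile keys from ca.properties.
# Template names in SAMPLE are constructed placeholders, not idenprotect defaults.

# Property key -> certificate type, as listed in the table above.
PROFILE_KEYS = {
    "ca.certprofile.default": "Device/Default",
    "ca.certprofile.signing": "Secure Enclave (SECENC)",
    "ca.certprofile.enduser": "Ephemeral (ERSA)",
}

def parse_properties(text):
    """Parse simple key=value / key:value lines; skip blanks and #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first '=' or ':' separator, whichever comes first.
        idx = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if idx == -1:
            continue
        props[line[:idx].strip()] = line[idx + 1:].strip()
    return props

def audit_profiles(text):
    """Return (mapping, findings) for the certificate-profile settings."""
    props = parse_properties(text)
    mapping = {cert: props.get(key, "") for key, cert in PROFILE_KEYS.items()}
    findings = []
    for key, cert in PROFILE_KEYS.items():
        if not props.get(key):
            findings.append(f"{key} is unset: no template named for {cert}")
    # Flag keys that look like profile settings but are not in the table above.
    for key in props:
        if key.startswith("ca.certprofile.") and key not in PROFILE_KEYS:
            findings.append(f"{key} is not one of the three listed keys (typo?)")
    return mapping, findings

SAMPLE = """\
# constructed sample, not a real deployment
ca.certprofile.default=ExampleDeviceTemplate
ca.certprofile.signing = ExampleEnclaveTemplate
ca.certprofile.ersa=ExampleShortLivedTemplate
"""

if __name__ == "__main__":
    mapping, findings = audit_profiles(SAMPLE)
    for cert, template in mapping.items():
        print(f"{cert}: {template or '<unset>'}")
    for finding in findings:
        print("FINDING:", finding)
```

In the constructed sample the ERSA template was written under `ca.certprofile.ersa`, so the check reports `ca.certprofile.enduser` as unset and the stray key as unrecognised.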