Create an End Entity Profile for SSL Servers

Follow the steps below to create an end entity profile suitable for SSL/TLS servers, such as web servers.

You should previously have created the certificate profile for SSL servers according to Create a Certificate Profile for SSL Servers.

  1. Under RA Functions, click Edit End Entity Profiles.

  2. Enter a name for your end entity profile, for example "SSLServerEndEntityProfile", and click Add.

  3. Select SSLServerEndEntityProfile and click Edit End Entity Profile.

  4. Under Subject DN Fields select O, Organization and click Add.

  5. At O, Organization enter EJBCA Edu, select required and clear the modifiable option.

  6. Under Subject DN Fields, select C, Country and click Add.

  7. At C, Country enter SE, select required and clear the modifiable option.

  8. Under Subject Alternative Fields, select DNS Name and click Add.

  9. Clear Use at Email Domain.

  10. Under Default Certificate Profile, select SSLServerCertificateProfile (created earlier).

  11. Under Available Certificate Profiles, select SSLServerEndEntityCertificateProfile.

  12. Under Default CA, select ManagementCA (the CA you use to issue server certificates).

  13. Under Available CAs, select ManagementCA (same as above).

  14. Under Default Token, select User Generated.

  15. Under Available Tokens, select User Generated, P12, JKS and PEM (Ctrl-click to select multiple).

  16. Click Save.