Help Center/ Edge Data Center Management/ User Guide/ System/ About/ Certificate Management/ Creating Certificate Application Templates
Updated on 2022-04-02 GMT+08:00
View PDF
Share

Creating Certificate Application Templates

Prerequisites

  • You have the following permissions: Query Certificate Application Template, Manage Certificate Application Template, and Delete Certificate Application Template.
  • You have obtained the certificate format, validity period, key algorithm, key length, certificate type, key usage, and extended key usage from the interconnected CA, ensuring that the planned certificate information is correct.
  • You have planned the information about the certificate, such as the certificate format, common name (CN), country or region (C), province or state (ST), city (L), organization (O), department (OU), validity period, key algorithm, and key length, subject alternative name, certificate type, key usage, and extended key usage.

Context

  • The validity period of a certificate applied from the CA is jointly determined by the customized validity period, validity period of the CA root certificate, maximum validity period supported by the CA, and validity period of the application template supported by the CA. Generally, the validity period does not exceed the maximum validity period supported by the CA and the validity period of the application template supported by the CA. The actual validity period depends on the interconnected CA.
  • Table 1 describes the certificate formats, key algorithms, key lengths, certificate types, key usages, and extended key usages supported by certificate management.
    Table 1 Certificate information

    Parameter

    Description

    Certificate Format

    Format of the certificate.

    • PEM
    • PKCS12

    Key algorithm

    Key algorithm of the certificate.

    • RSA
    • ECDSA
      NOTE:

      RSA whose length is 2047 bits or shorter is insecure. You are advised to use the certificate encrypted by RSA whose length is 3072 bits or longer.

    Key length
    • Length of the RSA certificate key:
      • 2048
      • 3072
      • 4096
      • 6144
      • 8192
    • Length of the ECDSA certificate key:
      • 256
      • 384
      • 521

    Certificate type

    Type of the certificate.

    • End Entity: Select this type if you do not need to use the key corresponding to the certificate to issue the certificate.
    • CA: Select this type when you need to use the corresponding key to issue a certificate.

    Key usage

    Usage of the certificate key.

    • Digital signature: Select this usage if the certificate requires identity authentication and data integrity authentication.
    • Non-repudiation: Select this usage if the certificate requires authentication on the digital signature of the public key to prevent the signing entity from denying its requests.
    • Key encipherment: Select this usage if the certificate requires an encryption protocol.
    • Data encipherment: Select this usage if the certificate encrypts its application data.
    • Key agreement: Select this usage if the public key is used by the sender and receiver to encrypt data during communication through plaintext agreement.
    • Certificate signing: Select this usage if the public key authenticates the certificate signature. It can only be used as a proxy certificate.
    • CRL signing: Select this usage if the public key of the certificate is used to verify the signature on the revocation information.
    • Encipher only: Select this usage if Key agreement is selected. The public key is used only for encrypting data during the agreement.
    • Decipher only: Select this usage if Key agreement is selected. The public key is used only deciphering data during the key agreement.

    Extended key usage

    Extended usage of the certificate key.

    • Server authentication: TLS WWW server authentication. Select this usage when Digital signature, Key encipherment, or Key agreement in Key usage is selected.
    • Client authentication: TLS WWW client authentication. Select this usage when Digital signature or Key agreement in Key usage is selected.
    • Email protection: Email protection. Select this usage when the Digital signature, Non-repudiation, Key encipherment, or Key agreement in Key usage is selected.

Procedure

  1. Choose System > About > Certificate Management from the main menu.
  2. In the navigation pane, choose Online Certificate Update > Certificate Application Templates.
  3. Click Create.
  4. Configure the template parameters as required.
  5. Click OK.

Related Tasks

  • Modify the certificate template.

    Click in the Operation column of the row that contains the desired certificate template to modify the template information.

  • Delete the certificate template.

    Click in the Operation column of the row that contains the desired certificate template to delete the template.

Parent topic: Certificate Management