Cryptographic Security Platform 1.2 - PKI Hub 1.3 installation and administration [PDF][Releases]

See below for creating a public enrollment form.

To create a public enrollment form

Log in as an administrator with either:
- The global_admin role.
- The <ca>_admin role for the certificate authority you will configure in the public enrollment form.
- A Certificate Role for the same certificate authority and certificate profile you will configure in the public enrollment form.
Go to Control > Public Enrollment Forms.
Click Create to configure the following configuration parameters.
Click Create to expose the generated form on the Internet.
Click Copy on the main grid to obtain the public URL.

Name

The identifier of the public enrollment form.

Mandatory: Yes

Owner

The email address of the person responsible for the public enrollment form.

The user who creates the public enrollment form is automatically made the owner. You can later edit this field and assign ownership to someone else.

Mandatory: Yes

Description

A description of the public enrollment form.

Mandatory: No

Custom Fields

The Custom Fields whose value will be requested by the public enrollment form.

Mandatory: No

Authority

The Authority to issue the enrolled certificates.

Mandatory: Yes

Profile

The certificate authority profile to issue the enrolled certificates.

Mandatory: Yes

Profile Key Type

The key type specified by the Profile, if any.

Mandatory: Yes

Override required key type

Whether to override the Profile Key Type and allow different key types. This field is only displayed to the user when:

The profile is a CSR profile for a client-side-generated key.
This field is not displayed for PKCS #12 profiles. Because the CA controls key generation, the user cannot choose the key type.
The Profile Key Type value is Unspecified.

Mandatory: When requested by the selected Profile.

Select allowed key types

The key types supported by the Certificate Signing Request. This field is only displayed to the user when:

The profile is a CSR profile for a client-side-generated key.
This field is not displayed for PKCS #12 profiles. Because the CA controls key generation, the user cannot choose the key type.
The Profile Key Type value is Unspecified, or the Override key type setting is enabled.

Mandatory: When required by the selected profile.

Minimum RSA Key Length

The minimum bit length for the RSA-type keys. This field is only displayed to the user when the profile is a CSR profile for a client-side-generated key.

This field is not displayed for PKCS #12 profiles. Because the CA controls key generation, the user cannot choose the key type.

Mandatory: When requested by the selected Profile.