In this step you can create an attribute profile. An attribute profile is a set of parameters configured within the ADSS Certification Service which define characteristics of the attribute certificates (e.g. lifetime of the certificate along with certificate extensions etc) that will be generated by the service. The advantage of configuring a attribute profile on ADSS Server is that client applications do not need to pass these parameters within each service request message, but can simply refer to a particular configured attribute profile. ADSS Server allows the flexibility to override the profile attributes if specifically allowed within the profile settings. 

Navigate to the following location in the ADSS Server Console:

This shows a table of existing attribute profiles. These can be edited or deleted.


To create a new profile, click the New button, this will present the following form:

The configuration items are as follows:

Items

Description

Status

A certification profile may be marked Active or Inactive. Note an inactive attribute profile will not be used to process certification requests.

Profile ID

A system-defined unique identifier for this profile. This must be referenced in certification service requests if this attribute profile is to be used by the client application.

Profile Name

An Operator-defined unique name for easier human recognition within the ADSS Operator Console. This could be referenced instead of Profile ID in certification service requests if this attribute profile is to be used by the client application.

Profile Description

This can be used to describe the attribute profile in more detail (e.g. in which circumstances this attribute profile will be used and/or what sort of setting the attribute profile holds etc). This is for information purposes only.

Attribute Authority

Select an internal Attribute Authority (AA) that is configured to handle certification requests from the ADSS Certification Service.

Note: The drop-down menu will only show those internal AAs that have already been configured (see Local AAs for further details).  

Hash Algorithm

The selected hashing algorithm is used as part of the attribute certificate generation process. The following hashing algorithms are available:    

  • SHA1, SHA224, SHA256, SHA384, SHA512

Validity Period

Set the validity period for how long the certificate will be valid.  
These time units are supported:  Minute(s),  Hour(s),  Day(s),  Month(s),  Year(s)

Overridable
Set this flag to indicate whether the validity period configured in the attribute profile can be overridden by the client application by passing validity parameters in the certification request message.

Attribute Certificate Extensions

These flags define whether the selected extensions are added to the attribute certificate. The supported extensions are:

  • Audit Identity
  • No Revocation Available
  • Autonomous Cert
  • Friendly Name
  • Content Version
  • Authority Key Identifier (AKI)
  • Authority Information Access (AIA)
  • CRL Distribution Point (CDP)


Critical
Setting the critical flag marks the relevant extension as critical


The list of existing attribute profiles can be sorted in either ascending or descending order by selecting a table column from the drop down list. 

Clicking on the Search button on the Attribute Profile main page will display following screen:

This helps to locate a particular type of attribute profile generated in the Certification Service. The profile can be searched based on Status, Profile ID, Profile Name, Attribute Authority Name, Validity Period. If a search is based on multiple values, then these will be combined together using the “AND” operand, and thus only records that meet all the criteria will be presented.


If "_" character is used in the search then it will act as wildcard.


See also

Creating a Certification Profile
Creating a CV Certificate Profile