Creating an Attribute Certificate Profile
In this step you can create an attribute profile. An attribute profile is a set of parameters configured within the ADSS Certification Service which define characteristics of the attribute certificates (e.g. lifetime of the certificate along with certificate extensions etc) that will be generated by the service. The advantage of configuring a attribute profile on ADSS Server is that client applications do not need to pass these parameters within each service request message, but can simply refer to a particular configured attribute profile. ADSS Server allows the flexibility to override the profile attributes if specifically allowed within the profile settings.
Navigate to the following location in the ADSS Server Console:
This shows a table of existing attribute profiles. These can be edited or deleted.
To create a new profile, click the New button, this will present the following form:
The configuration items are as follows:
Items |
Description |
Status |
A certification profile may be marked Active or Inactive. Note an inactive attribute profile will not be used to process certification requests. |
Profile ID |
A system-defined unique identifier for this profile. This must be referenced in certification service requests if this attribute profile is to be used by the client application. |
Profile Name |
An Operator-defined unique name for easier human recognition within the ADSS Operator Console. This could be referenced instead of Profile ID in certification service requests if this attribute profile is to be used by the client application. |
Profile Description |
This can be used to describe the attribute profile in more detail (e.g. in which circumstances this attribute profile will be used and/or what sort of setting the attribute profile holds etc). This is for information purposes only. |
Attribute Authority |
Select an internal Attribute Authority (AA) that is configured to handle certification requests from the ADSS Certification Service. |
Hash Algorithm |
The selected hashing algorithm is used as part of the attribute certificate generation process. The following hashing algorithms are available:
|
Validity Period |
Set the validity period for how long the certificate will be valid. |
Attribute Certificate Extensions |
These flags define whether the selected extensions are added to the attribute certificate. The supported extensions are:
Critical |
The list of existing attribute profiles can be sorted in either ascending or descending order by selecting a table column from the drop down list.
Clicking on the Search button on the Attribute Profile main page will display following screen:
This helps to locate a particular type of attribute profile generated in the Certification Service. The profile can be searched based on Status, Profile ID, Profile Name, Attribute Authority Name, Validity Period. If a search is based on multiple values, then these will be combined together using the “AND” operand, and thus only records that meet all the criteria will be presented.
If "_" character is used in the search then it will act as wildcard. |
See also
Creating a Certification Profile
Creating a CV Certificate Profile