Creating an Attribute Certificate Profile
In this step you can create an attribute profile. An attribute profile is a set of parameters
configured within the ADSS Certification Service which define
characteristics of the attribute certificates (e.g. lifetime of the certificate along with certificate extensions etc) that will be generated by the
service. The advantage of configuring a attribute profile on ADSS
Server is that client applications do not need to pass these parameters
within each service request message, but can simply refer to a
particular configured attribute profile. ADSS Server allows the
flexibility to override the profile attributes if specifically allowed
within the profile settings.
Navigate to the following location in the
ADSS Server Console:
The configuration items are as follows:
Items | Description |
Status | A certification profile may be marked Active or Inactive. Note an inactive attribute profile will not be used to process certification requests. |
Profile ID | A system-defined unique identifier for this profile. This must be referenced in certification service requests if this attribute profile is to be used by the client application. |
Profile Name | An Operator-defined unique name for easier human recognition within the ADSS Operator Console. This could be referenced instead of Profile ID in certification service requests if this attribute profile is to be used by the client application. |
Profile Description | This can be used to describe the attribute profile in more detail (e.g. in which circumstances this attribute profile will be used and/or what sort of setting the attribute profile holds etc). This is for information purposes only. |
Attribute Authority | Select an internal Attribute Authority (AA) that is configured to handle certification requests from the ADSS Certification Service. Note: The drop-down menu will only show those internal AAs that have already been configured (see Local AAs for further details). |
Hash Algorithm | The selected hashing algorithm is used as part of the attribute certificate generation process. The following hashing algorithms are available:
|
Validity Period | Set the validity period for how long the certificate will be valid. These time units are supported: Minute(s), Hour(s), Day(s), Month(s), Year(s) Overridable Set this flag to indicate whether the validity period configured in the attribute profile can be overridden by the client application by passing validity parameters in the certification request message. |
Attribute Certificate Extensions | These flags define whether the selected extensions are added to the attribute certificate. The supported extensions are:
Setting the critical flag marks the relevant extension as critical |
Clicking on the Search button on the Attribute Profile main page will display following screen:
This helps to locate a particular type of attribute profile generated in the Certification Service. The profile can be searched based on Status, Profile ID, Profile Name, Attribute Authority Name, Validity Period. If a search is based on multiple values, then these will be combined together using the “AND” operand, and thus only records that meet all the criteria will be presented.
If "_" character is used in the search then it will act as wildcard