To configure the ADSS Server CA as an external CA select the ADSS CA Server from the CA Type drop down. The following page will be shown to configure the ADSS CA Server:



The items in the above screen are described below:


Items

Description

CA  Alias

It is a user defined unique name for easy management of certificate authorities within ADSS Server. This is only for human identification purposes.

CA Type

Another ADSS CA Server can be configured for certification generation while front-end ADSS Server only forwards the requests to the other ADSS Server instance where CA is configured. When ADSS Server configured to forward the requests to another instance of ADSS CA Server then only following request types are supported:

  • CREATE
  • RENEW
  • REVOKE

CA Certificate

All the CA certificates configured in Trust Manager with purpose CA (will be used to verify other certificates and CRLs) will be available here for configurations. 
Select the ADSS CA which will be used to issue the target certificates. 

Note: It is required to register the complete chain of the ADSS CA in  Trust Manager

CA  Address

Define the URL that this CA listens on for certificate request messages.

TLS Client Certificate

Required for communication with the CA if ADSS CA is communicating over TLS Client Authentication. Select the TLS Client Authentication Certificate which pre-exists in the Key Manager

Note: It is required to register the Issuer CA of the TLS Client Authentication certificate in  Trust Manager with purpose CA for verifying TLS client certificates. 

Certification Profile

Specify the certification profile of the ADSS CA Server in this field. A certification profile is a set of parameters configured within the ADSS Certification Service which define characteristics of the keys (e.g. which public key algorithm and key length to be used) and the attributes of the digital certificates (e.g. subject DName details and the validity periods for the certificate) generated by the service using this profile.

Client ID

Specifies the Client ID to identify this client application to the ADSS CA Server. 

Note: See the ADSS Server Admin Guide for further details on managing client applications within ADSS Server.

Validity Period

Specify the validation period in only months for the certificate to be created or renewed.


See also

ADSS CA Server

Microsoft CA
Symantec MPKI
GlobalSign EPKI
GlobalSign HVCI
EJBCA
QuoVadis CA
Entrust CA

Entrust CA Gateway
Offline External CA
DigiCert PKI

DigiCert ONE MPKI
Microsoft Active Directory Certificate Services