2.4. Enabling and Disabling Certificate Profiles

Any certificate profiles that have been configured by an administrator are listed in the Manage Certificate Profiles page of the agent services page, which is accessed through the Manage Certificate Profiles link in the left menu of the CA agent services page.
The Manage Certificate Profiles page contains all of the certificate profiles that have been set up by an administrator. It shows the name of the certificate profile, a short description of the certificate profile, whether this is an end user certificate profile, whether the certificate profile has been approved and enabled, and, if approved, which agent user ID approved the request.
List of Certificate Profiles

Figure 2.1. List of Certificate Profiles

2.4.1. Viewing Certificate Profile Information

Information about any certificate profile is available by clicking the name of the certificate profile, which is linked to the Approve Certificate Profile page. This page lists information about the certificate profile and allows an agent to approve a certificate profile or disable a previously-approved certificate profile. An approved certificate profile can only be disabled by the agent who originally approved it.
To view a profile, open its Approve Certificate Profile page:
  1. Click the Manage Certificate Profiles link in the left menu.
  2. Click the profile name in the list of profiles.
Profile Page

Figure 2.2. Profile Page

If the End User field of the certificate profile is marked true, then this certificate profile appears as an enrollment form in the end entities page. If the End User field of the certificate profile is marked false, then this certificate profile does not appear in the end entities page. This parameter determines whether the certificate profile needs to be received from the end entities page in order to be processed.
Each policy has a policy information section which shows a table for each policy set. A certificate profile usually has one policy set. If the enrollment is for dual key pairs, then there are two policy sets, one for the signing certificate and one for the encryption certificate. The policy set defines all of the defaults and constraints that have been set for the requested certificate. For dual key pairs, two certificates are requested, one for the signing key and one for the encryption key.
The policy set table in the policy information sections contains the following information for the policy set:
  • #. The policy ID number (#) for this set of defaults and constraints.
  • Defaults [Extensions/Fields]. The defaults set to define certificate content, including extensions.
  • Constraints. The constraints placed on the certificate content. The certificate content in the requested certificate must comply with these constraints in order to be issued. If the constraint value is left blank or is set to a dash (-), then applying the constraint is optional, and the issued certificate is not constrained.

2.4.2. Enabling or Disabling a Certificate Profile

To enable (approve) or disable a certificate profile:
  1. Go to the Manage Certificate Profiles page, and click on a certificate profile name.
  2. Open the Approve Certificate Profile page for that certificate profile.
  3. Click the Approve button at the bottom of the page to enable the profile or Disable to disable it.


    It is only possible to disable a certificate profile after it has been approved. New profiles are disabled by default and must be enabled before they can be used.
After a certificate profile is approved, it appears in the end entities page, which allows an end entity to use that certificate profile to enroll for a certificate. Likewise, once a certificate profile is disabled, it is no longer available in the end entities page for end entities to use to enroll for certificates.


When a certificate profile is enabled, administrators cannot change any aspect of the certificate profile. The certificate profile must first be disabled before an administrator to modify the certificate profile.