2.3. List of Certificate Profiles

The following pre-defined certificate profiles are ready to use when the Certificate System CA is installed. These certificate profiles have been designed for the most common types of certificates, and they provide common defaults and constraints, authentication methods, authorization methods, and inputs and outputs. These profiles can be edited or new profiles added as necessary.

Table 2.1. List of Certificate Profiles

| Profile ID | Profile Name | Description |
|---|---|---|
| caAdminCert | Security Domain Administrator Certificate Enrollment | Enrolls Security Domain Administrator's certificates with LDAP authentication against the internal LDAP database. |
| caAgentFileSigning | Agent-Authenticated File Signing | This certificate profile is for file signing with agent authentication. |
| caAgentServerCert | Agent-Authenticated Server Certificate Enrollment | Enrolls server certificates with agent authentication. |
| caCACert | Manual Certificate Manager Signing Certificate Enrollment | Enrolls Certificate Authority certificates. |
| caCMCUserCert | Signed CMC-Authenticated User Certificate Enrollment | Enrolls user certificates by using the CMC certificate request with CMC Signature authentication. |
| caDirUserCert | Directory-Authenticated User Dual-Use Certificate Enrollment | Enrolls user certificates with directory-based authentication. |
| caDirUserRenewal | Directory-Authenticated User Certificate Self-Renew profile | Renews user certificates, with directory-based authentication. |
| caDualCert | Manual User Signing & Encryption Certificates Enrollment | Enrolls dual user certificates. It works only with Netscape 7.0 or later. |
| caDualRAuserCert | RA Agent-Authenticated User Certificate Enrollment | Enrolls user certificates with RA agent authentication. |
| caFullCMCUserCert | Signed CMC-Authenticated User Certificate Enrollment | Enrolls user certificates by using the CMC certificate request with CMC Signature authentication. |
| caInstallCACert | Manual Security Domain Certificate Authority Signing Certificate Enrollment | Enrolls Security Domain Certificate Authority certificates. |
| caInternalAuthAuditSigningCert | Audit Signing Certificate Enrollment | Enrolls a signing certificate to use for signing audit logs; used automatically during any subsystem configuration, with the exception of the RA. |
| caInternalAuthDRMstorageCert | Security Domain DRM Storage Certificate Enrollment | Enrolls DRM storage certificates for DRMs within a security domain; used automatically during a DRM configuration. |
| caInternalAuthOCSPCert | Security Domain OCSP Manager Signing Certificate Enrollment | Enrolls Security Domain OCSP Manager certificates. |
| caInternalAuthServerCert | Security Domain Server Certificate Enrollment | Enrolls Security Domain server certificates. |
| caInternalAuthSubsystemCert | Security Domain Subsystem Certificate Enrollment | Enrolls Security Domain subsystem certificates. |
| caInternalAuthTransportCert | Security Domain Data Recovery Manager Transport Certificate Enrollment | Enrolls Security Domain Data Recovery Manager transport certificates. |
| caManualRenewal | Renew certificate to be manually approved by agents | Renews a certificate, with manual agent approval. |
| caOCSPCert | Manual OCSP Manager Signing Certificate Enrollment | Enrolls OCSP Manager certificates. |
| caOtherCert | Other Certificate Enrollment | Enrolls other certificates. |
| caRAagentCert | RA Agent-Authenticated Agent User Certificate Enrollment | Enrolls RA agent user certificates with RA agent authentication. |
| caRACert | Manual Registration Manager Signing Certificate Enrollment | Enrolls Registration Manager certificates. |
| caRARouterCert | RA Agent-Authenticated Router Certificate Enrollment | Enrolls router certificates after agent approval (as opposed to automatic enrollment). |
| caRAserverCert | RA Agent-Authenticated Server Certificate Enrollment | Enrolls server certificates with RA agent authentication. |
| caRouterCert | One Time Pin Router Certificate Enrollment | Enrolls router certificates using an automatically-generated, one-time PIN that the router can use to retrieve its certificate. |
| caServerCert | Manual Server Certificate Enrollment | Enrolls server certificates. |
| caSignedLogCert | Manual Log Signing Certificate Enrollment | Enrolls audit log signing certificates. |
| caSimpleCMCUserCert | Simple CMC Enrollment | Enrolls user certificates by using the CMC certificate request with CMC Signature authentication. |
| caSSLClientSelfRenewal | Self-renew user SSL client certificates | Renews certificates using certificate-based authentication. |
| caTempTokenDeviceKeyEnrollment | Temporary Device Certificate Enrollment | Enrolls temporary keys to be used by servers or other network devices on a token; used by the TPS for smart card enrollment operations. These are temporary keys, valid for about a week, and intended to replace a temporarily lost token. |
| caTempTokenUserEncryptionKeyEnrollment | Temporary Token User Encryption Certificate Enrollment | Enrolls an encryption key on a token; used by the TPS for smart card enrollment operations. These are temporary keys, valid for about a week, and intended to replace a temporarily lost token. |
| caTempTokenUserSigningKeyEnrollment | Temporary Token User Signing Certificate Enrollment | Enrolls a signing key on a token; used by the TPS for smart card enrollment operations. These are temporary keys, valid for about a week, and intended to replace a temporarily lost token. |
| caTokenDeviceKeyEnrollment | Token Device Key Enrollment | Enrolls keys to be used by servers or other network devices on a token; used by the TPS for smart card enrollment operations. |
| caTokenMSLoginEnrollment | Token User MS Login Certificate Enrollment | Enrolls a key to be used by a person for logging into a Windows domain or PC; used by the TPS for smart card enrollment operations. |
| caTokenUserEncryptionKeyEnrollment | Token User Encryption Certificate Enrollment | Enrolls an encryption key on a token; used by the TPS for smart card enrollment operations. |
| caTokenUserEncryptionKeyRenewal | smart card token encryption cert renewal profile | Renews an encryption key that was enrolled on a token using the caTokenUserEncryptionKeyEnrollment profile; used by a TPS subsystem. |
| caTokenUserSigningKeyEnrollment | Token User Signing Certificate Enrollment | Enrolls a signing key on a token; used by the TPS for smart card enrollment operations. |
| caTokenUserSigningKeyRenewal | smart card token signing cert renewal profile | Renews a signing key that was enrolled on a token using the caTokenUserSigningKeyEnrollment profile; used by a TPS subsystem. |
| caTPSCert | Manual TPS Server Certificate Enrollment | Enrolls TPS server certificates. |
| caTransportCert | Manual Data Recovery Manager Transport Certificate Enrollment | Enrolls Data Recovery Manager transport certificates. |
| caUserCert | Manual User Dual-Use Certificate Enrollment | Enrolls user certificates. |
| caUUIDdevicecert | Manual device Dual-Use Certificate Enrollment to contain UUID in SAN | Enrolls certificates for devices which must contain a unique user ID number (UUID) as a component in the certificate's subject alternate name extension. |
| DomainController | Domain Controller | Enrolls certificates to be used by a Windows domain controller. |