Enabling And Disabling Certificate Profiles; Getting Certificate Profile Information; End User Certificate Profile; Policy Information - Red Hat CERTIFICATE SYSTEM 7.2 - AGENT GUIDE Manual

5. Enabling and Disabling Certificate Profiles

Any certificate profiles that have been configured by an administrator are listed in the Manage Certificate Profiles page
of the agent services page, which is accessed through the Manage Certificate Profiles link in the left menu of the CA
agent services page.
The Manage Certificate Profiles page contains all of the certificate profiles that have been set up by an administrator. It
shows the name of the certificate profile, a short description of the certificate profile, whether this is an end user certificate
profile, whether the certificate profile has been approved and enabled, and, if approved, which agent under ID approved
the request.

5.1. Getting Certificate Profile Information

Information about any certificate profile is available by clicking the name of the certificate profile, which is linked to the
Approve Certificate Profile page. This page lists information about the certificate profile and allows an agent to approve
a certificate profile or disable a previously-approved certificate profile. An approved certificate profile can only be dis-
abled by the agent who originally approved it.

5.2. End User Certificate Profile

If the End User field of the certificate profile is marked true, then this certificate profile appears as an enrollment form
in the end-entities page. If the End User field of the certificate profile is marked false, then this certificate profile does
not appear in the end-entities page. This parameter determines whether the certificate profile needs to be received from the
end-entities page in order to be processed.

5.3. Policy Information

Each policy has a policy information section which shows a table for each policy set. A certificate profile usually has one
policy set. If the enrollment is for dual key pairs, then there are two policy sets, one for the signing key and one for the en-
cryption key. The policy set defines all of the defaults and constraints that have been set for the requested certificate. For
dual key pairs, two certificates are requested, one for the signing key and one for the encryption key.
The policy set table in the policy information sections contains the following information for the policy set:
• #. The ID number (#) for this set of defaults and constraints.
• Defaults [Extensions/Fields]. The defaults set to define certificate content, including extensions.
• Constraints. The constraints placed on the certificate content. The certificate content in the requested certificate must
comply with these constraints in order to be issued.

5.4. Approving a Certificate Profile

To approve a certificate profile, do the following:
1. Go to the Manage Certificate Profiles page, and click on a certificate profile name.
2. Open the Approve Certificate Profile page for that certificate profile.
3. Click on the Approve button at the bottom of the page.
After a certificate profile is approved, it appears in the end-entities page, which allows an end entity to use that certificate
profile to enroll for a certificate.
Once a certificate profile is enabled, administrators cannot change any aspect of the certificate profile. The certificate pro-
file must first be disabled before an administrator to modify the certificate profile.

5.5. Disapproving a Certificate Profile

A certificate profile can only be disabled by the agent who approved the certificate profile.
To disable a certificate profile, do the following:
5.1. Getting Certificate Profile In-
formation
17 Chapter 2. CA: Working with Certificate