Create Issuing Template

In this section, you can establish the guidelines and criteria for issuing certificates. This template outlines the necessary attributes, constraints, and policies for certificate requests.

When creating a template, you can choose Qualys or User Generated options for Certificate Signing Request (CSR) generation. These options are accessible during the request process, allowing flexibility to meet your needs.  You can also select individual options such as only Qualys Generated or only User Generated. Your selection ensures that the certificate issuance aligns with your specific requirements.

When you choose the Qualys Generated option, you must provide the CSR parameters such as Common Name, DNS etc. Certificate View creates a job for  Qualys Agent to generate the Private Key/CSR based on the CSR information provided.

When you choose User Generated, the user needs to provide CSR. Certificate View validates all the fields.

Issuing a template is not required for EJBCA, as it maintains its own end entity profile similar to a template.

Create Issuing Template

When you create a template and enter various input parameters, these parameters are validated during the creation of the CSR based on the information provided in the template.

Your certificate is created based on the template used.

Follow these steps for creating Issuing Templates.

  1. Navigate to Configuration Issuing Template > Create New.

    Create New: Issuing Template window is displayed.

  2. Provide Name for the template.
  3. To generate a CSR  (Certificate Signing Request), select the options you want to be accessible during the request process. 
    The options are Qualys or User Generated, Qualys Generated or User Generated.
  4. (Optional) Provide the Common Name and Subject Alternative Names.
    You can provide multiple options separated by commas.

    You can specify how to handle the common name and subject alternative name using Regular Expressions (Regex). These fields allow for the use of complex patterns, employing special characters (e.g., *, [a-z], etc.) to create powerful matching rules. 

    If you leave the field blank, the system will not apply any pattern and will instead use the values you provide when creating the Certificate Signing Request (CSR).

    • (Optional) You can select the options such as Disable, Required, and Validation is Required. 
      Disable:  If the checkbox is selected, field must be empty at the time of request.
      Required: You need to enter the field at the time of request. It will be a mandatory field at the time of the request
      Validation is Required: When user enters the field, it must match against the regex or value.

      You can choose options for the Common Name, Subject Alternative Names, Advanced SAN Options, and CSR Parameters.

    • (Optional) Validate your inputs using the Test option. 
      You can check your Regex expression using Test.
    • (Optional) Provide Advance SAN Options, such as IP Addresses (SAN), Email Addresses (SAN), and URI (SAN).
  5. Provide CSR Parameters such as Organization (O)Organization Unit (OU)Locality ( L)State (ST), and Country (C).

    All these parameters must use a comma (,) as the separator

  6. From the drop-down, select Key Algorithms.
  7. Switch the toggle ON to Allow Private Key Usage.

Your newly created template is listed on Issuing Template page.

Viewing Issuing template page.

Manage Issuing Template

You can manage issuing Template by using the Quick Actions menu to View, Edit, Delete, and Set as default.

You can set one Issuing Template as default. This is helpful for actions that require the default issuing template while creating a job. 

You can not delete a issuing template if the template is used in any of the jobs.

View actions for Issuing Template

 

© Qualys, Inc. All rights reserved. Privacy Policy.