3.5. Enabling and Disabling Certificate Profiles
Any certificate profiles that have been configured by an administrator are listed in the Manage Certificate Profiles page of the agent services page, which is accessed through the Manage Certificate Profiles link in the left menu of the CA agent services page.
The Manage Certificate Profiles page contains all of the certificate profiles that have been set up by an administrator. It shows the name of the certificate profile, a short description of the certificate profile, whether this is an end user certificate profile, whether the certificate profile has been approved and enabled, and, if approved, which agent under ID approved the request.
Information about any certificate profile is available by clicking the name of the certificate profile, which is linked to the Approve Certificate Profile page. This page lists information about the certificate profile and allows an agent to approve a certificate profile or disable a previously-approved certificate profile. An approved certificate profile can only be disabled by the agent who originally approved it.
If the End User field of the certificate profile is marked true, then this certificate profile appears as an enrollment form in the end entities page. If the End User field of the certificate profile is marked false, then this certificate profile does not appear in the end entities page. This parameter determines whether the certificate profile needs to be received from the end entities page in order to be processed.
Each policy has a policy information section which shows a table for each policy set. A certificate profile usually has one policy set. If the enrollment is for dual key pairs, then there are two policy sets, one for the signing key and one for the encryption key. The policy set defines all of the defaults and constraints that have been set for the requested certificate. For dual key pairs, two certificates are requested, one for the signing key and one for the encryption key.
The policy set table in the policy information sections contains the following information for the policy set:
#. The ID number (#) for this set of defaults and constraints.
Defaults [Extensions/Fields]. The defaults set to define certificate content, including extensions.
Constraints. The constraints placed on the certificate content. The certificate content in the requested certificate must comply with these constraints in order to be issued.
To approve a certificate profile, do the following:
Go to the Manage Certificate Profiles page, and click on a certificate profile name.
Open the Approve Certificate Profile page for that certificate profile.
Click on the Approve button at the bottom of the page.
After a certificate profile is approved, it appears in the end entities page, which allows an end entity to use that certificate profile to enroll for a certificate.
Once a certificate profile is enabled, administrators cannot change any aspect of the certificate profile. The certificate profile must first be disabled before an administrator to modify the certificate profile.
A certificate profile can only be disabled by the agent who approved the certificate profile.
To disable a certificate profile, do the following:
Open the Manage Certificate Profiles page, and click on a certificate profile name.
Open the certificate profile's Approve Certificate Profile page.
Click the Disapprove button at the bottom of the page.
It is only possible to disable a certificate profile after it has been approved.
Once a certificate profile is disabled, it is no longer available in the end entities page for end entities to use to enroll for certificates.