Home > User Interface > Configuration > Integration > PKI > PKI Templates
Logo

PKI Templates

Menu path: Configuration > Integration Overview > PKI Templates.

Creating a New Template

Templates define the type of information that will automatically be inserted into a generated certificate.

To create a new template, select , and then the name of the previously created CA. Select an existing template to view its contents. Existing entries offer two operations:
Two types of templates may be created depending on their use:
Note

Note

The pfpki service must be restarted after each template is created. Use the button above the table.

Creating a General Template

Select the General tab from the top of the page. The dialog for creating general templates has the following fields:

Field Usage Example
Certificate Authority The name of the CA associated with the template. This is selected when this dialog is first presented, but may be changed. Example_Root_CA
Name The name of the template, which should specify its intended use. User_Certificate
Validity The period of time that the certificate will be valid for, expressed in days. 365
Key Type The type of key to be generated for the CA's keys. One of:
  • KEY_ECDSA
  • KEY_RSA
  • KEY_DSA
 KEY_RSA
Key Size The size of the keys to be generated. One of:
  • 2048
  • 4096
 2048
Digest The type of cryptographic checksum to be generated. One of:
  • MD(2,5)WithRSA
  • SHA(1,256,384,512)WithRSA
  • ECDSAWithSHA(1,256,384,512)
  • SHA(256,384,512)WithRSAPSS
  • PureEd25519
 SHA256WithRSA
Key Usage The permitted usage types for the certificate. One or more of:
  • digitalSignature
  • nonRepudiation
  • keyEncipherment
  • dataEncipherment
  • keyAgreement
  • keyCertSign
  • cRLSign
  • encipherOnly
  • decipherOnly

If no values are specified, all uses are permitted.
Extended Key Usage Additional usage types for the certificate. One or more of:
  • serverAuth - required if a certificate will be installed on a server
  • clientAuth - required if a certificate will be installed on a client.
  • codeSigning
  • emailProtection
  • timeStamping
  • msCodeInd
  • msCodeCom
  • msCTLSign
  • msSGC
  • msEFS
  • nsSGC

If no values are specified, all extended uses are permitted.

 ServerAuth, ClientAuth

Select the button to save the template.

Creating a PKCS 12 Template

The PKCS 12 template is used to define the contents of an email message that will be sent to the certificates owner with a password for the PKCS 12 certificate bundle that contains the certificate and its associated private key. The fields in the form used to define the template are:

Field Usage Example
P12 Mail Password Select if the password for the PKCS 12 file should be emailed to the recipient.
P12 Mail Subject The subject of the email. Password for your certificate bundle.
P12 Mail From The email address of the email sender. admin@example.com
P12 Mail Header The header of the email message. The content may be simple text or HTML. Use the following password to decrypt your certificate.
P12 Mail Footer The footer of the email. The content may be simple text or HTML. Call IT if you have any problems.

Select the button to save the template.

Copyright © 2020 Extreme Networks. All rights reserved. Published December 2020.