Grant permissions to the holder of the EJBCA client authorization certificate.
To configure client authorization:
- Log in to the EJBCA administration GUI.
- Navigate to System Functions > Roles and Access Rules.
- Click Add to create a new role.
- Configure the following role settings.
Members
Click Members and configure the following properties.
| Setting | Value |
|---|---|
| Match with | Select either X.509 Certificate Serial Number or X.509: CN, Common name. |
| Match value | Enter the serial number or Common Name (CN) of the certificate described in Issuing the EJBCA client certificate. |
| CA | Select ManagementCA, that is, the same CA that issued the certificate described in Issuing the EJBCA client certificate. |
Role Template
We recommend selecting the RA Administrators role as a template.
Access Rules
Click Access Rules and configure the following properties.
| Setting | Value |
|---|---|
| Authorized CAs | Select only the certificate authorities to which role holders should have access. Do not select the ManagementCA authority. |
| End Entity Profiles | Select only the end entity profiles that should be available. Ensure that each end-entity profile has certificate profiles and CAs configured. |