If no certificate profile exists for the client certificate, create one as explained below.

To create a certificate profile for the client certificate

1. Log in to the EJBCA administration GUI.
2. Navigate to CA Functions > Certificate Profiles.
3. Create a new profile or clone an existing one.
4. Assign the following settings to the profile. 
   • Validity or end date of the certificate
   • Type
   • Available Key Algorithms
   • Key Usage
   • Extended Key Usage
5. Click Save.

Validity or end date of the certificate

Select an appropriate period, for example: 1y.

​Type

Select End Entity.

Available Key Algorithms

Select RSA algorithms with 2048 bits or higher.

Key Usage

Select Digital Signature.

Extended Key Usage

Select Client Authentication (TLS Web Client Authentication)