See below for creating a public enrollment form.
To create a public enrollment form
- Log in as an administrator with either:
- The global_admin role.
- The <ca>_admin role for the certificate authority you will configure in the public enrollment form.
- A Certificate Role for the same certificate authority and certificate profile you will configure in the public enrollment form.
- Go to Control > Public Enrollment Forms.
- Click Create to configure the following configuration parameters.
- Click Create to expose the generated form on the Internet.
- Click Copy on the main grid to obtain the public URL.
Name
The identifier of the public enrollment form.
Mandatory: Yes
Owner
The email address of the person responsible for the public enrollment form.
The user who creates the public enrollment form is automatically made the owner. You can later edit this field and assign ownership to someone else.
Mandatory: Yes
Description
A description of the public enrollment form.
Mandatory: No
Custom Fields
The Custom Fields whose value will be requested by the public enrollment form.
Mandatory: No
Authority
The Authority to issue the enrolled certificates.
Mandatory: Yes
Profile
The certificate authority profile to issue the enrolled certificates.
Mandatory: Yes
Profile Key Type
The key type specified by the Profile, if any.
Mandatory: Yes
Override required key type
Whether to override the Profile Key Type and allow different key types.
Profile | Field visibility |
---|---|
A PKCS #12 profile (the CA generates the keys) | Never displayed. |
A CSR profile | Only displayed when Profile Key Type is Unspecified. |
Mandatory: When requested by the selected Profile.
Select allowed key types
The key types supported by the Certificate Signing Requests.
Profile | Field visibility |
---|---|
A PKCS #12 profile (the CA generates the keys) | Never displayed. |
A CSR profile | Only displayed when Profile Key Type is Unspecified or Override key type is enabled. |
Mandatory: When requested by the selected Profile.
Minimum RSA Key Length
The minimum bit length for the RSA-type keys.
Profile | Field visibility |
---|---|
A PKCS #12 profile (the CA generates the keys) | Never displayed. |
A CSR profile | Always displayed. |
Mandatory: When requested by the selected Profile.