Creating an external subordinate CA
PKIaaS root CA currently supports two types of subordinate Certification Authorities (CAs):
TLS Proxy CA.
Azure Firewall Subordinate CA.
To create an external subordinate CA, follow the steps described in Issuing certificates. The only difference from creating an end-entity certificate is you should select the following values.
|
Field |
Value |
|
​Certificate Authority |
Select an online root CA with the External Sub-CA service. See Creating an online root CA for how to create this CA. |
|
Certificate Profile |
Select one of the External subordinate CA certificate profiles. |
An external subordinate CA issued by a PKIaaS root CA only consumes one PKIaaS Certificate license. Entrust does not charge for the certificates issued by an external subordinate CA because those certificates are considered external and not using the PKIaaS infrastructure.