See below for how to create an issuing CA after Creating an online root CA.

To create an issuing CA

Root CA

Mandatory: Yes.

Friendly Name

Enter an informal name for the new CA.

Mandatory: Yes.

Select one of the algorithms described in Certification Authority instantiation.

Mandatory: Yes.

This view-only field displays the region of the root CA.

You cannot change the region for an issuing CA. The region of the issuing CA will be decided by the region of the root CA that signs the issuing CA.

Check box if you want to enable OCSP for this issuing CA.

You cannot change this setting after provisioning the CA.

Mandatory: No.

Select the expiry date for the CA certificate. Use the date picker or enter a date in the following format.

mm/dd/yyyy

The expiry date of an issuing CA must be earlier than the expiry date of the root CA.

Mandatory: No. If you do not assign a specific expiry date, the expiry period defaults to 10 years for issuing CAs.

Select a predefined set of certificate profiles. For example,

In this field:

Click + to display the profiles supported by each service.
Activate or deactivate each profile by checking or unchecking the corresponding box.

images/download/attachments/161534792/image-2022-11-16_11-1-59-version-1-modificationdate-1668596519479-api-v2.png

See below for a reference of the supported profiles.

Mandatory: No.

Enter a value for each field in the Distinguished Name of the CA certificate.

Mandatory: Only the Common Name certificate field.