Common configuration elements for profiles

This section details how to configure sections that are common to all profiles

Common configuration for profiles tab

Common configuration for profiles

Languages

1. Click on add button.

2. Fill in the mandatory fields.

  • Language* (string input):
    Select a language.

  • Display Name* (string input):
    Enter a display name.

  • Description (string input):
    Enter a description.

You can add more by clicking on the add button again or delete Delete Connector the language.

Labels

1. Click on add button.

2. Fill in the mandatory fields.

  • Element* (string input):
    Select a preexisting label.

  • Mandatory (boolean):
    Tells whether the label is mandatory. The default value is set to false.

  • Editable by requester (boolean):
    Tells whether the label is editable by the requester. The default value is set to false.

  • Editable by approver (boolean):
    Tells whether the label is editable by the approver. The default value is set to false.

  • Default value (string input):
    Set a default value to the label. This value must comply with the value restriction.

  • Label value restriction

    • Whitelist (string input multiple):
      The label value will have to be in the whitelist. Enter the label value and press "enter" to add this value to the accepted value list.

    • Regex (string input):
      The label value will have to match the regex. Enter the regular expression en click on the check button to set the regex.

You can delete Delete label or reorder (drag and drop) Reorder label the label template.

Owner Policy

1. Specify the request’s owner policy (only used in EST, SCEP and WEBRA prevalidated request).

  • Editable by requester (boolean):
    Specify if the certificate’s owner can be overridden by the requester when submitting a request.

  • Editable by approver (boolean):
    Specify if the certificate’s owner can be overridden by the requester when approving a request.

Team Policy

1. Specify the request’s team policy (only used in EST, SCEP and WebRA prevalidated request).

  • Editable by requester (boolean):
    Specify if the certificate’s team can be overridden by the requester when submitting a request.

  • Editable by approver (boolean):
    Specify if the certificate’s team can be overridden by the requester when approving a request.

  • Team restriction

    • Whitelist (string input multiple):
      The team will have to be in the whitelist. Enter the team and press "enter" to add this value to the accepted whitelist.

    • Regex (string input):
      The team will have to match the regex. Enter the regular expression and click on the check button to set the regex.

  • Default team (string input):
    Set a default team. This value must comply with the team restriction.

Metadata policy (overridable metadata)

== Metadata are used by Horizon or Third party connectors, updating them should be done with utmost care. ==
== The contact email metadata default value is set to editable by the requester and the approver. ==

1. Click on add button.

  • Metadata* (select):
    Select a metadata.

  • Editable by requester (boolean):
    Tells whether the metadata is editable by the requester. The default value is set to false.

  • Editable by approver (boolean):
    Tells whether the metadata is editable by the approver. The default value is set to false.

Authorization Levels

1. Select an authorization level for each workflow.

Schema 2

  • *Everyone:
    No authentication is required.

  • Authenticated:
    User has to be authenticated.

  • Authorized:
    User has to be authenticated and have an explicit authorizations.

Schema 2

2. Select an access level for identity providers.

You can remove the access level for an identity provider by clicking on 'x'.

Requests time to live (TTL)

1. Enter a time for each request.

  • Enrollment request* (finite duration):
    Must be in valid finite duration. The default value is set to one hour.

  • Revocation request* (finite duration):
    Must be in valid finite duration. The default value is set to one hour.

  • Update request* (finite duration):
    Must be in valid finite duration. The default value is set to one hour.

  • Migration request* (finite duration):
    Must be in valid finite duration. The default value is set to one hour.

  • Recover request (finite duration):
    Must be in valid finite duration. This field is enabled when Private key escrowing is set to on (Specfic configuration tab > Crypto Policy).

Constraints

ACME, EST, SCEP and WCCE protocols.

1. Fill in the mandatory fields.

  • RSA Minimal Key size (select):
    Select the allowed RSA key size(s).

  • Allowed EC curves (select):
    Select the allowed elliptic curve algorithms.

  • Allowed email domains (string input):
    Enter a valid regular expression that the inputted domain should match.

  • Allowed DNS domains (string input):
    Enter a valid regular expression that the inputted domain should match.

CSR Data Mapping

1. Click on add button.

2. Select a field and enter a value.

You can add more by clicking on the add button again or delete Delete mapping the CSR Data Mapping.

Notification

Notifications configuration tab

Prerequisites

Mail, Messaging

How to manage Notification for profiles

Certificate lifecycle notifications

Notifications are sent when one of the following event is triggered by a certificate:

Enrollment

Revocation

Expire

Update

Migrate

1. Chose notifications to be sent on certificate event.

Request lifecycle notifications

Notifications are sent when one of the following event is triggered by a request:

  • Enroll/Revocation/Update/Migrate request :

Submit

Cancel

Revoke

Approve

Pending

You can delete Delete notification the Notification for profile.