Skip to main content

Create RA Profile

When the connection with the Authority is successfully established, we can create a service for certificate management. We call it RA Profile.

Create RA Profile using the API

RA Profile can be created using the RA Profile API. However, before creating it, we need know the required Attributes for the RA Profile. We can get that using the Authority API and the following request:

curl -X GET \
  --cacert [ca-cert] \
  --cert [client-cert] \
  --cert-type [type] \
  -H "Accept: application/json" \
  https://[domain]:[port]/api/v1/authorities/83265efb-35a1-4b48-ae6f-1269b7c41668/raProfiles/attributes
  #https://[domain]:[port]/api/v1/authorities/{uuid}/raProfiles/attributes

This returns the list of applicable attributes for the RA Profile, such as:

[
    {
        "uuid": "87a94421-c5d8-4a23-bb2c-bbee76cb4ea9",
        "name": "template",
        "content": [
            {
                "value": "CodeSigning"
            },
            {
                "value": "EnrollmentAgent"
            },
            ...
            {
                "value": "SubCA"
            },
            {
                "value": "Administrator"
            }
        ],
        "label": "Template",
        "type": "STRING",
        "required": true,
        "readOnly": false,
        "visible": true,
        "list": true,
        "multiSelect": false
    },
    {
        "uuid": "1467ffaa-445c-11ec-81d3-0242ac130003",
        "name": "caAdcs",
        "content": [
            {
                "value": "vmi307469.3key.local\\Demo MS Sub CA"
            }
        ],
        "label": "Certification Authority",
        "type": "STRING",
        "required": true,
        "readOnly": false,
        "visible": true,
        "list": true,
        "multiSelect": false
    }
]

Knowing the attributes, we can create the RA Profile using the following request:

curl -X POST \
  --cacert [ca-cert] \
  --cert [client-cert] \
  --cert-type [type] \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  --data '
  {
    "name": "Web Server RA Profile",
    "authorityInstanceUuid": "83265efb-35a1-4b48-ae6f-1269b7c41668",
    "description": "Quick start",
    "enabled": true,
    "attributes": [
      {
        "name": "template",
        "content": {
          "value": "WebServer"
        }
      },
      {
        "name": "caAdcs",
        "content": {
          "value": "vmi307469.3key.local\\Demo MS Sub CA"
        }
      }
    ]
  }' \
  https://[domain]:[port]/api/v1/authorities/83265efb-35a1-4b48-ae6f-1269b7c41668/raProfiles
  #https://[domain]:[port]/api/v1/authorities/{uuid}/raProfiles

When the RA Profile is successfully created, its uuid is sent back:

{
  "uuid": "e045a12a-e114-45ed-90b8-bac7e750e803"
}

Create RA Profile using the Web Interface

Create RA Profile to manage certificates with the specific certificate template.

  1. Click RA Profiles in the left menu
  2. Click Add new RA Profile (plus symbol )
  3. Fill the columns with the attributes:
    • RA Profile Name: ADCS-WebServer
    • Description: RA profile for webserver certificates
    • Select Authority: MS ADCS authority
    • Template: WebServer
    • Certification Authority: your system certificate authority
  4. Click Create
  5. Click Enable to make RA Profile ready for using, the RA Profile Status would be changed to Enabled.