Follow the steps below to create a certificate profile suitable for SSL/TLS servers, such as web servers.

• Under CA Functions, click Certificate Profiles.

• Enter a name for your end entity certificate profile, for example SSLServerCertificateProfile, and click Add.

• Select SSLServerCertificateProfile and click Edit Certificate Profile.

• Under Validity enter 365d (1 year validity).

• Under Key usage, choose Digital Signature and Key encipherment (Ctrl-click to select multiple).

• Clear Allow Key Usage Override.

• Select Use Extended Key Usage.

• Under Extended Key Usage, choose Server Authentication.

• Under Available bit lengths, select 1024 bit, 2048 bit and 4096 bit.

• Under Available CAs, choose your CA ManagementCA (the CA you use to issue server certificates).

• Under Type, select End Entity.

• Click Save.

To create a new Certificate Profile using an existing profile as template, do the following:

• In the list of certificate profiles, click clone the fixed profile SERVER.

• Enter a name for your end entity certificate profile, for example SSLServerCertificateProfile, and click Create from template.

• Click Save.