Your browser does not allow storing cookies. We recommend enabling them.

PreviousNextUp[Front page] [Index]

Adding Entities

You can add new entities to the PKI system by clicking the Add New Entity option from the main menu.

Figure : Creating a new entity

An entity can be bound to a specific CA. This means that the certification requests by this entity are directed to the selected CA. To create a CA binding for the entity, select a CA from the list. The list works as described in Section Database Search Options.

The Entity status drop-down list displays the entity's current status. An entity is normally marked as Active. In some cases, an entity's future use in the system might need to be restricted. In this case, set the entity status to Inactive.

The Entity name field is reserved for a freeform, short and hopefully descriptive name for this entity. In case of a person, the first and last name are the usual choice. In case of routers or other equipment, advisable choices are the entity's use, user group it belongs to, or perhaps its location. Exact information such as the IP address can have a separate attribute in the entity. This makes searching for them more accurate.

Entity Attributes

In addition to these fixed elements, an entity can have a selection of attributes. An attribute can be added to the entity by selecting an attribute from the Attributes list and clicking Add.

The selected attribute is added to the entity display and can be changed. Most of the attributes differ by their name and the size of text input box, but some have different content types, such as drop-down lists giving a limited selection of choices, or Boolean values represented as check boxes.

The Email address and Account Password attributes of the entity are used when entity account management is enabled in the Web Enrollment Service. See Sections Customizing the Web Enrollment Pages and Managing User Certificates for more information.

Otherwise the system does not use the attributes in any way. However, if the CA is properly configured, the attributes defined in the entity can be used when publishing a certificate, for example, as the values for LDAP attributes.

An attribute can be removed by clicking the Remove button on the right hand side of the attribute. The attribute is then removed and a refreshed page is shown.

The actual entity is not created until you finish the creation process by clicking the Create button at the bottom of the page. The Cancel button can be used to return from the entity creation process without actually adding the entity to the Database. You can also switch to some other page by using the main menu.

PreviousNextUp[Front page] [Index]




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now