Browsing CAs
See below to browse and inspect the details of all certificate authorities (CAs) in your PKI.
To browse certificate authorities:
-
Follow the steps described in Accessing your partitions to log into the PKIaaS interface as a user with any of the roles described under Role permissions.
-
Click Certificate Authorities in the sidebar.
-
In the Certificate Authorities tab, click the name of a certificate authority.
-
Click the downwards arrow icon to display the full details of the CA.
-
Check the following values.
ℹ See RFC 5280 for more details on the standard certificate extensions.
Type
The type of certificate authority.
| Type | Description | Creation procedure |
|---|---|---|
| root | Root certificate authority | Creating a root CA |
| externalKey | External root certificate authority | Importing an external root CA |
| intermediate | Intermediate subordinate certificate authority | Creating an intermediate subordinate CA |
| subord | Issuing subordinate certificate authority | Creating an issuing subordinate CA |
Status
The activation status of the certificate authority.
CA Identifier
The identifier assigned to the certificate authority on creation.
Subject
The Subject’s Distinctive Name (DN) of the Certificate authority certificate.
Certificate status service
The activation status of the CRL and OCSP services.
URLs
The CA Gateway endpoint for the certificate authority.
CA Certificate
The settings of the Certificate authority certificate.
| Setting | Description |
|---|---|
| Serial Number | The serial number (SN) of the CA certificate |
| SHA-256 Fingerprint | The SHA-256 fingerprint of the CA certificate |
| Issuer | The Distinguished Name of the entity that issued the CA certificate |
| Valid from | The time and date when the CA certificate was issued |
| Expiry Date | The time and date when the CA certificate will expire |
| Public key type | The public key algorithm of the CA certificate |
| Signature Algorithm | The signature algorithm of the CA certificate |
| Basic Constraints | The basic constraints for the CA certificate (see RFC 5280 for details on basic constraints) |
| Key Usage | The key usages for the CA certificate |
| Authority Info Access OCSP | The URL of the OCSP responder service informing on the CA certificate status |
| Authority Info Access CA Issuers | The locations from which the issuer certificate can be obtained |
| Authority Key Identifier | The key identifier of the entity that issued the CA certificate |
| Subject Key Identifier | The key identifier for the certificate subject |
| CRL Distribution Points | The URLs from which to download the CRLs (Certificate Revocation Lists) informing on the CA certificate status |