Skip to content

PKI Certificate profile examples

Profile examples

  • Example of certificate profile used with RAUC signing as an End-Entity certicate.

    • Code signing certificate

  • Example of certificate profile used with RAUC signing as an Subordinate CA.

  • Example of certificate profile (A)HAB Tree roots

  • Example of certificate profile (A)HAB Tree Subordinate CA. Usually SRK key.

  • Example of certificate profile (A)HAB Tree End-Entity certificates. IMG, SGK or CSF

  • Example of certificate profile used with Device Certificates as an Issuing CA.

  • Example of certificate profile used with Device Certificates as an End-Entity certicate.

    • Enforcing unique DN is enabled. If certificate has been issued with same DN then issuance fails.
    • CRLDistributionPoints enabled
    • PolicyIdentifiers enabled
    • Validity period until 9999-12-31T23:59:59Z
    • Used with RSA keys.
    • Signature type is SHA256WithRSA

  • Example of certificate profile used with Device Certificates as an End-Entity certicate.

    • Enforcing unique DN is disabled
    • CRLDistributionPoints enabled
    • PolicyIdentifiers enabled
    • Validity period until 9999-12-31T23:59:59Z
    • Used with EC keys.
    • Signature type is ECDSAWithSHA256
  • Example of certificate profile used with Device Certificates as an End-Entity certicate.
    • Enforcing unique DN is enabled. If certificate has been issued with same DN then issuance fails.
    • CRLDistributionPoints enabled
    • PolicyIdentifiers enabled
    • Validity period until 9999-12-31T23:59:59Z
    • Used with EC keys.
    • Signature type is ECDSAWithSHA256
  • Example of certificate profile used with Device Certificates as an End-Entity certicate.
    • No enforcements. Same DN and or Public key can be used.
    • CRLDistributionPoints enabled
    • PolicyIdentifiers enabled
    • Validity period until 9999-12-31T23:59:59Z
    • Used with EC keys.
    • Signature type is ECDSAWithSHA256
  • Example of certificate profile used with Device Certificates as an End-Entity certicate.
    • ProfileYamlVersion is 2 which enables more options
    • Enforcing unique DN is disabled.
    • Enforcing unique Public Key is disabled.
    • CRLDistributionPoints enabled
    • PolicyIdentifiers enabled
    • Validity period until 9999-12-31T23:59:59Z
    • Used with EC keys.
    • Signature type is ECDSAWithSHA256
  • Example of certificate profile used with Device Certificates as an End-Entity certicate.
    • ProfileYamlVersion is 2 which enables more options
    • Enforcing unique DN is disabled.
    • Enforcing unique Public Key is enabled. If certificate has been issued with same Public Key then issuance fails.
    • CRLDistributionPoints enabled
    • PolicyIdentifiers enabled
    • Validity period until 9999-12-31T23:59:59Z
    • Used with EC keys.
    • Signature type is ECDSAWithSHA256
  • Example of certificate profile used with Device Certificates as an End-Entity certicate.
    • ProfileYamlVersion is 2 which enables more options
    • Enforcing unique DN is enabled. If certificate has been issued with same DN then issuance fails.
    • Enforcing unique Public Key is disabled.
    • CRLDistributionPoints enabled
    • PolicyIdentifiers enabled
    • Validity period until 9999-12-31T23:59:59Z
    • Used with EC keys.
    • Signature type is ECDSAWithSHA256
  • Example of certificate profile used with Device Certificates as an End-Entity certicate.
    • ProfileYamlVersion is 2 which enables more options
    • Enforcing unique DN is enabled. If certificate has been issued with same DN then issuance fails.
    • Enforcing unique Public Key is enabled. If certificate has been issued with same Public Key then issuance fails.
    • CRLDistributionPoints enabled
    • PolicyIdentifiers enabled
    • Validity period until 9999-12-31T23:59:59Z
    • Used with EC keys.
    • Signature type is ECDSAWithSHA256

Profile versions

Currently there are 2 versions of profiles. Version 2 supports ore options regarding the uniqueness checking.

# Config file for the End-Entity profile. Do not use TABS
---
ProfileYamlVersion: 2