Setting Up Symantec PKI Certificate Profiles

You must use Symantec PKI Manager to enable the PKI administrator to configure certificate profiles for different CAs.

To set up a Symantec PKI certificate profile:

Go to the URL for the PKI Manager (for example: https://ptnr-pki-manager.bbtest.net/pki-manager/).
To create new Symantec certificate profile, click Manage certificates profiles.
Click Test mode.

After testing the profile and certificate, you can move to the Production mode.
Select the required template. For more information, refer to the Symantec technical documentation.
- If you want to use the certificate for authentication, verification, and signing purposes without key escrow, you can select the Client Authentication template.
- If you want to use key escrow for encrypting the certificates, you can select the Secure Email template.
Click Continue.
Make sure the Enrollment method is set to PKI Web Services for all your templates.
Click Advanced options to customize additional options if required.
If you want to use key escrow, then in the Key escrow field, select Symantec.
By default, the Common Name Standard term for some LDAP directories specified in the format, cn=<common name>. is set to the "First Name Last Name" value. If you want to customize the CN, you need to delete the Common Name field and add it again in the Subject DN fields:
1. Click Advanced options.
1. In the list of Certificate fields, remove the Common Name (CN) field at the top.
2. Then click Add field.
1. For the Certificate field, select Common Name (CN).
2. For the Source for the field's value, select Webservice Request.
1. For Required?, keep No (the default option).
Note: If you set Required to Yes but you do not provide a CN in the Device Policy, the issuance will fail.
Click Save.

The certificate profile is created.
Make a note of the Certificate Profile OID.

You will need the OID when creating ActivID CMS device policy associated with this particular certificate template.