Skip to main content

Edit a PKIaaS CA

Once you create the PIV Content Signer for a PKIaaS CA, you can edit the digital ID configurations.

To edit a PKIaaS CA:

  1. Log in to your Identity as a Service administrator account.

  2. Click > Resources > Certificate Authorities. The Certificate Authorities List page appears.

  3. Click the name of your PKIaaS CA. The Edit Entrust PKIaaS Certificate Authority page appears.

  4. You can edit the following:

    • Name
    • Digital ID Configurations
    • PIV Content Signer Algorithm

  5. To edit the digital ID configurations:

    1. Click the digital ID, for example, PIV Card. The Edit Entrust PKIaaS Digital ID Configuration page appears.
    2. Edit the following fields, as required:
      • Name
      • Searchbase
      • Select a new Type from the drop-down list. A smart credential can have two digital IDs:
        • PIV Card Holder
        • PIV Card
      • DN Format 
    3. Deselect Include Searchbase in DN if you do not want to include the searchbase in the DN.

  6. Add additional Cert Templates, as follows:

    1. Do one of the following:
      • Click Add to add a new certificate template. The Add Cert Template dialog box appears.
      • Click an exiting certificate template. The Edit Cert Template dialog box appears.
    2. From the Type drop-down list, select the type of certificate template defined in PKIaaS. The options include:
      • Piv Authentication
      • Card Authentication
      • Digital Signature
      • Key Management (encryption)
    3. From the Key Type drop-down list, select the key type of that matches the certificate container in the smart credential.
    4. Set the Certificate Lifetime, choosing one of the following options:
      • Select Use CA Default Certificate Lifetime to set the certificate template to expire when the default CA certificate expires.
      • Set the Certificate Lifetime (months) to set the lifetime of the CA certificate. The range is 0-100 months.
    5. Click Add.

  7. Add additional Subject Alt Names. The subjectAltName extension can contain alternative names for the subject of the certificate. These entries in the Identity as a Service Digital ID list subjectAltName values that Identity as a Service sends to the CA so that they are included in the certificate. For example, the default template includes the user's email address and userPrincipalName.

    To add SubjectAltNames

    1. Click Add  to add Subject Alt Names. The Add Subject Alt Name dialog box appears.
    2. From the Type drop-down list, select
    3. Enter a Value.
    4. Click Add.
    5. To delete a Certificate Template, click next to the certificate template.

  8. Click Save.