Introduction

An End Entity is a user of PKI certificates and/or the end user system that is the subject of a certificate, such as an e-mail client, a web server, a web browser, or a VPN-gateway.

End entities are not allowed to issue certificates to other entities, they make up the leaf nodes in the PKI.

Creating Users

To create users, add end entities either using the RA Web or the CLI.

Using the RA Web, select Make new Request and Postpone for Key-pair generation.

Using the CLI, run the following:

The user's Distinguished Name (DN) is normally entered in the CLI as:

Note that if a comma ',' is needed in the DN the comma must be escaped using '\,'.

Next Steps

End Entity functionality is described in the following sections.

• Create Server Certificates

• Issue a New PKCS#12 Keystore for an SSL Server

• Issue a New Server Certificate from a CSR

• Create User Certificates

• Certificate Renewal

• Request Browser Certificate Renewal

• Renaming and Editing Users

• SSL Certificate Expiration

For information on creating and managing end entities using the RA Web, see RA Operations Guide.