Issue attribute certificate in Certificate Manager
Attribute certificates are signed objects that assert additional properties with respect to some identity certificate (also called base certificate). An attribute certificate has no associated key pair and consequently cannot be used to establish identity.
Attribute certificates can be thought of as extensions to identity certificates, even if the attribute certificate may be signed by a different CA than the base certificate. When the associated attributes are mainly used for the purpose of authorization, an attribute certificate is called authorization certificate.
An attribute certificate (AC) can either be issued together with the linked public key certificate (PKC) or issued after the PKC certificate has been issued. The first alternative requires the token procedure being used to specify that both a PKC and an AC should be issued simultaneously. This is described in Issue smart card certificate in Certificate Manager and Issue software token in Certificate Manager respectively.
This article describes how to issue an AC, linked to an existing PKC, in Smart ID Certificate Manager (CM). This task is done in the Registration Authority (RA) in Certificate Manager.
Related information
- Connect to a Certificate Manager host
- Issue smart card certificate in Certificate Manager
- Issue software token in Certificate Manager
- Smart ID Certificate Manager
- Qualified certificates in Certificate Manager
- Registration Authority (RA) in Certificate Manager
- RA user interface in Certificate Manager
- Select fields in Registration Authority in Certificate Manager