Sun WebServer Installation Guide

Root CA User

Any user name on the Root CA host except root (UID 0) can be used as the Root CA user. The Root CA user is the only user that can create credentials for web sites. The Root CA user has its own password-protected credentials, which are used to sign all of the certificates it creates.

The Root CA credentials are bound to a distinguished name (DN) entry. All credentials are bound to a DN. The Root CA distinguished name uses the following attributes:

Attribute Type             Abbreviation   Example
-------------------------  -------------  ------------------
Common name                cn             cn=rootca
Email address              em             em=rootca@A.net
Serial number              serial         serial=no12345
Organizational unit name   ou             ou=web
Organization name          o              o=A.net
Locality name              l              l=internet
State or province name     st             st=California
Country name               c              c=US

The order of the attributes matters in the DN. The DN must begin with the most specific attribute and continue to the least specific. The attributes are listed in the table from most specific (common name) to least specific (country).
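The ordering rule above can be checked mechanically before a DN is used to create credentials. The following is an added example, not part of the original guide or of Sun WebServer: it assumes components are written as comma-separated abbr=value pairs whose values contain no commas (the guide does not show the separator) and that a DN may omit attributes from the table.

```python
# Attribute abbreviations from the guide's table, most specific first.
DN_ORDER = ["cn", "em", "serial", "ou", "o", "l", "st", "c"]
RANK = {abbr: i for i, abbr in enumerate(DN_ORDER)}


def parse_dn(dn):
    """Split a DN into (abbreviation, value) pairs.

    Assumption: components are comma-separated "abbr=value" pairs;
    the guide itself does not show the separator.
    """
    pairs = []
    for part in dn.split(","):
        abbr, sep, value = part.strip().partition("=")
        if not sep or not abbr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part.strip()!r}")
        pairs.append((abbr.strip().lower(), value.strip()))
    return pairs


def check_dn(dn):
    """Return a list of problems; an empty list means the DN is well ordered."""
    try:
        pairs = parse_dn(dn)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    last_rank, last_abbr = -1, None
    for abbr, _value in pairs:
        if abbr not in RANK:
            problems.append(f"unknown attribute: {abbr}")
        elif RANK[abbr] < last_rank:
            # A more specific attribute appeared after a less specific one.
            problems.append(f"{abbr} is more specific than {last_abbr} but follows it")
        else:
            last_rank, last_abbr = RANK[abbr], abbr
    return problems


# Constructed samples built from the example values in the table.
GOOD = ("cn=rootca, em=rootca@A.net, serial=no12345, ou=web, "
        "o=A.net, l=internet, st=California, c=US")
BAD = "c=US, st=California, o=A.net, cn=rootca"

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(sample, "->", check_dn(sample) or "ok")
```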

All credentials are stored in a directory owned by the Root CA user; this directory should not be publicly readable. The Root CA user's credentials (as well as each web site's credentials) will be available through the Federated Naming Service (FNS).