Sectigo.com
Shop Enterprise Partners Resources

Adding certificate profiles

Add a certificate profile

The configuration options available for a certificate profile are dependent on the issuing CA.

  • Sectigo Public

  • Sectigo Private

  • Microsoft

  • AWS

  • DigiCert

  • Entrust

  • GCP

  1. Navigate to Enrollment  Certificate Profiles.

  2. Click the Add icon.

  3. Complete the Add Certificate Profile fields based on the information provided in the following table.

    Field Description

    Profile Name

    The name of the certificate profile.

    CA Backend

    The name of the CA backend in SCM.

    Certificate Type

    The type of certificate that can be issued using this certificate profile (Client, SSL, Code Signing, or Device Certificate).

    Certificate Template

    The template that controls the certificate policies.

    Description

    A description of the profile.

  4. Click Next.

  5. Complete the remaining Add Certificate Profile fields based on the information provided in the following table.

    Field Certificate Type Description

    Domain Policies

    SSL

    Specifies the types of domain names and IP addresses that can be used for certificate enrollment.

    Include Common Name in Certificate Subject

    Client

    Determines whether to include CN details in the certificate Subject field.

    The possible options are:

    • Public Organization Validated - When selected, the organization name is added into the CN of the subject.

    • Public Sponsored Validated - When selected, the applicant’s first and last names are concatenated and added into the CN of the subject.

    Include Email Address in Certificate Subject

    Client

    When selected, the primary email is used as the E (email) attribute in the certificate subject.

    Terms

    All

    The validity period of certificates issued using the certificate profile.

    Allowed Key Types

    Client, SSL, Device

    The key types (algorithms and sizes or curves) you want to allow for certificates created using the profile.

    The supported algorithms depend on the selected certificate template.

    Requires approval

    SSL, Device

    When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO).

    Auto Revoke

    Client

    When selected, a person who reaches the max number of valid certificates will have their oldest certificate revoked automatically to allow the new enrollment to succeed.

    Key Usage

    Device

    The cryptographic purposes for which the certificate can be used (such as, key encipherment and signing).

    Extended Key Usage

    Device

    The higher level capabilities of the certificate (such as, server or client authentication).

    Max Number of Valid Certificates

    Client

    The maximum number of valid certificates a user can have from this profile.

  6. Click Save.

  1. Navigate to Enrollment  Certificate Profiles.

  2. Click the Add icon.

  3. Complete the Add Certificate Profile fields based on the information provided in the following table.

    Field Description

    Profile Name

    The name of the certificate profile.

    CA Backend

    The name of the CA backend in SCM.

    Certificate Type

    The type of certificate that can be issued using this certificate profile (Client, SSL, Code Signing, or Device Certificate).

    Certificate Template

    The template that controls the certificate policies.

    Description

    A description of the profile.

  4. Click Next.

  5. Complete the remaining Add Certificate Profile fields based on the information provided in the following table.

    Field Certificate Type Description

    Domain Policies

    SSL

    Specifies the types of domain names and IP addresses that can be used for certificate enrollment.

    Terms

    All

    The validity period of certificates issued using the specified certificate profile.

    Allowed Key Types

    Client, SSL, Device

    The key types (algorithms and sizes or curves) you want to allow for certificates created using the profile.

    Requires approval

    SSL, Device

    When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO).

    Auto Revoke

    Client

    When selected, a person who reaches the max number of valid certificates will have their oldest certificate revoked automatically to allow the new enrollment to succeed.

    Key Usage

    Device

    The cryptographic purposes for which the certificate can be used (such as, key encipherment and signing).

    Extended Key Usage

    Device

    The higher level capabilities of the certificate (such as, server or client authentication).

    Max Number of Valid Certificates

    Client

    The maximum number of valid certificates a user can have from this profile.

  6. Click Save.

  1. Navigate to Enrollment  Certificate Profiles.

  2. Click the Add icon.

  3. Complete the Add Certificate Profile fields based on the information provided in the following table.

    Field Description

    Profile Name

    The name of the certificate profile.

    CA Backend

    The name of the CA backend in SCM.

    Certificate Type

    The type of certificate that can be issued using this certificate profile (Client, SSL, Code Signing, or Device Certificate).

    Certificate Template

    The template that controls the certificate policies.

    Description

    A description of the profile.

  4. Click Next.

  5. Complete the remaining Add Certificate Profile fields based on the information provided in the following table.

    Field Certificate Type Description

    Domain Policies

    SSL

    Specifies the types of domain names and IP addresses that can be used for certificate enrollment.

    Terms

    All

    The validity period of certificates issued using the specified certificate profile.

    Auto Revoke

    Client

    When selected, a person who reaches the max number of valid certificates will have their oldest certificate revoked automatically to allow the new enrollment to succeed.

    Max Number of Valid Certificates

    Client

    The maximum number of valid certificates a user can have from this profile.

    Requires approval

    SSL, Device

    When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO).

    Allow Renew

    SSL

    When enabled, the option to renew certificates is available via the SCM UI and related APIs.

    Issuing CA

    All

    The CA’s Common Name.

    MS Template

    All

    The template assigned to the CA in AD.

    All MS templates must grant read and enroll access to the CA connector in order to function correctly.

    Build Subject from AD information

    All

    When selected, Active Directory information is used for the subject, otherwise it’s built from the request.

    In order to work, the selected template must have the following Issuance Requirement tab settings configured:

    • This number of authorized signatures selected and set as 1

    • Application policy set as Certificate Request Agent

  6. Click Save.

  1. Navigate to Enrollment  Certificate Profiles.

  2. Click the Add icon.

  3. Complete the Add Certificate Profile fields based on the information provided in the following table.

    Field Description

    Profile Name

    The name of the certificate profile.

    CA Backend

    The name of the CA backend in SCM.

    Certificate Type

    The type of certificate that can be issued using this certificate profile (SSL).

    Certificate Template

    The template that controls the certificate policies.

    Description

    A description of the profile.

  4. Click Next.

  5. Complete the remaining Add Certificate Profile fields based on the information provided in the following table.

    Field Description

    AWS Private CA

    The name of the AWS private CA.

    Signature Algorithm

    The signature algorithm to be used when signing certificates.

    AWS Template

    The template assigned to the CA in ACM.

    Domain Policies

    Specifies the types of domain names and IP addresses that can be used for certificate enrollment.

    Terms

    The validity period of certificates issued using the specified certificate profile.

    Requires approval

    When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO).

    Allow Renew

    When enabled, the option to renew certificates is available via the SCM UI and related APIs.

  6. Click Save.

  1. Navigate to Enrollment  Certificate Profiles.

  2. Click the Add icon.

  3. Complete the Add Certificate Profile fields based on the information provided in the following table.

    Field Description

    Profile Name

    The name of the certificate profile.

    CA Backend

    The name of the CA backend in SCM.

    Certificate Type

    The type of certificate that can be issued using this certificate profile (SSL).

    Certificate Template

    The template that controls the certificate policies.

    Description

    A description of the profile.

  4. Click Next.

  5. Complete the remaining Add Certificate Profile fields based on the information provided in the following table.

    Field Description

    DigiCert Product

    The DigiCert product type to be linked with the certificate profile.

    Domain Policies

    Specifies the types of domain names and IP addresses that can be used for certificate enrollment.

    Terms

    The validity period of certificates issued using the specified certificate profile.

    Allowed Key Types

    The key types (algorithms and sizes or curves) you want to allow for certificates created using the profile.

    Requires approval

    When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO).

    Allow Renew

    When enabled, the option to renew certificates is available via the SCM UI and related APIs.

  6. Click Save.

  1. Navigate to Enrollment  Certificate Profiles.

  2. Click the Add icon.

  3. Complete the Add Certificate Profile fields based on the information provided in the following table.

    Field Description

    Profile Name

    The name of the certificate profile.

    CA Backend

    The name of the CA backend in SCM.

    Certificate Type

    The type of certificate that can be issued using this certificate profile (SSL).

    Certificate Template

    The template that controls the certificate policies.

    Description

    A description of the profile.

  4. Click Next.

  5. Complete the remaining Add Certificate Profile fields based on the information provided in the following table.

    Field Description

    Entrust Template

    The Entrust product type to be linked with the certificate profile.

    Domain Policies

    Specifies the types of domain names and IP addresses that can be used for certificate enrollment.

    Terms

    The validity period of certificates issued using the specified certificate profile.

    Requires approval

    When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO).

    Allow Renew

    When enabled, the option to renew certificates is available via the SCM UI and related APIs.

  6. Click Save.

  1. Navigate to Enrollment  Certificate Profiles.

  2. Click the Add icon.

  3. Complete the Add Certificate Profile fields based on the information provided in the following table.

    Field Description

    Profile Name

    The name of the certificate profile.

    CA Backend

    The name of the CA backend in SCM.

    Certificate Type

    The type of certificate that can be issued using this certificate profile (SSL).

    Certificate Template

    The template that controls the certificate policies.

    Description

    A description of the profile.

  4. Click Next.

  5. Complete the remaining Add Certificate Profile fields based on the information provided in the following table.

    Field Description

    Google Cloud Certificate Authority

    The name of the GCP private CA.

    Google Cloud Template

    The template assigned to the CA in GCP.

    Domain Policies

    Specifies the types of domain names and IP addresses that can be used for certificate enrollment.

    Terms

    The validity period of certificates issued using the specified certificate profile.

    Requires approval

    When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO).

    Allow Renew

    When enabled, the option to renew certificates is available via the SCM UI and related APIs.

  6. Click Save.