Adding domains

Add a domain

Navigate to Domains.
Click the Add icon.
Enter your fully qualified domain name (FQDN) or wildcard domain.
Select or deselect Active depending on whether you want the domain to be available for certificate issuance.
(Optional) Enter a description that provides any contextual information required.

Configure CT logging based on the information in the following table.

Field	Description
Monitor CT Logs for publicly issued certificates including this domain	When selected, CT logs are monitored for publicly issued certificates/precertificates that include this domain. This feature is useful for detecting unauthorized certificates issued for your domain.
Include sub-domains	When selected, sub-domains are included in the CT log monitoring.
Certificate Bucket	The certificate bucket used to collect certificates/precertificates from CT logs.

Field

Description

Monitor CT Logs for publicly issued certificates including this domain

When selected, CT logs are monitored for publicly issued certificates/precertificates that include this domain.

This feature is useful for detecting unauthorized certificates issued for your domain.

Include sub-domains

When selected, sub-domains are included in the CT log monitoring.

Certificate Bucket

The certificate bucket used to collect certificates/precertificates from CT logs.

Delegate the domain to the appropriate organizations and departments.

In the Delegation section, click the Add icon.
In the Delegate Domain To dialog, select the organization and, optionally, the department to which you want to delegate the domain.
Select the certificate types that can be issued by the selected organization/department for the domain.
(Optional) Enter a description that provides any contextual information required.

Select the appropriate domain certificate request privileges for the organization/department based on the information provided in the following table.

Field	Description
Delegated domain only	When selected, the organization/department can only request certificates for the delegated domain (including hostnames or IP addresses) but not for subdomains.
FQDN subdomain	When selected, the organization/department can request certificates for fully qualified subdomains but not for wildcards or the delegated domain itself.
First-level wildcard subdomain	When selected, the organization/department can request certificates for wildcard subdomains one level below the delegated domain but not for the delegated domain itself.
Second-level+ wildcard subdomain	When selected, the organization/department can request certificates for wildcard subdomains at least two levels below the delegated domain but not for the delegated domain itself.

Field

Description

Delegated domain only

When selected, the organization/department can only request certificates for the delegated domain (including hostnames or IP addresses) but not for subdomains.

FQDN subdomain

When selected, the organization/department can request certificates for fully qualified subdomains but not for wildcards or the delegated domain itself.

First-level wildcard subdomain

When selected, the organization/department can request certificates for wildcard subdomains one level below the delegated domain but not for the delegated domain itself.

Second-level+ wildcard subdomain

When selected, the organization/department can request certificates for wildcard subdomains at least two levels below the delegated domain but not for the delegated domain itself.

Click Save.
Repeat the delegation process to add additional organizations and departments as required.

Depending on your role and how your account is configured, the creation and delegation of a domain may require additional administrator approval.

Click Save.

Once added, domains must be validated before publicly trusted certificates can be issued. For more information, see Validating domains.