Managing certificate profiles
Edit a certificate profile
-
Navigate to
. -
Select a Sectigo Public CA certificate profile, and click Edit.
-
Complete the Edit Certificate Profile fields based on the information provided in the following table.
Field Certificate Type Description Include Common Name in Certificate Subject
Client
Determines whether to include CN details in the certificate Subject field
The possible options are:
-
Public Organization Validated - When selected, the organization name is added into the CN of the subject
-
Public Sponsored Validated - When selected, the applicant’s first and last names are concatenated and added into the CN of the subject
Include Email Address in Certificate Subject
Client
When selected, the primary email is used as the E (email) attribute in the certificate subject
Terms
All
The validity period of certificates issued using the certificate profile
Allowed Key Types
Client, SSL, Device
The key types (algorithms and sizes or curves) you want to allow for certificates created using the profile
The supported algorithms depend on the selected certificate template.
Requires approval
SSL, Device
When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO)
Auto Revoke
Client
When selected, a person who reaches the max number of valid certificates will have their oldest certificate revoked automatically to allow the new enrollment to succeed
Key Usage
Device
The cryptographic purposes for which the certificate can be used (such as, key encipherment and signing)
Extended Key Usage
Device
The higher level capabilities of the certificate (such as, server or client authentication)
Max Number of Valid Certificates
Client
The maximum number of valid certificates a user can have from this profile
-
-
Click Save.
-
Navigate to
. -
Select a Sectigo Private CA certificate profile, and click Edit.
-
Complete the Edit Certificate Profile fields based on the information provided in the following table.
Field Certificate Type Description Terms
All
The validity period of certificates issued using the specified certificate profile
Allowed Key Types
Client, SSL, Device
The key types (algorithms and sizes or curves) you want to allow for certificates created using the profile
Requires approval
SSL, Device
When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO)
Auto Revoke
Client
When selected, a person who reaches the max number of valid certificates will have their oldest certificate revoked automatically to allow the new enrollment to succeed
Key Usage
Device
The cryptographic purposes for which the certificate can be used (such as, key encipherment and signing)
Extended Key Usage
Device
The higher level capabilities of the certificate (such as, server or client authentication)
Max Number of Valid Certificates
Client
The maximum number of valid certificates a user can have from this profile
-
Click Save.
-
Navigate to
. -
Select a Microsoft CA certificate profile, and click Edit.
-
Complete the Edit Certificate Profile fields based on the information provided in the following table.
Field Certificate Type Description Terms
All
The validity period of certificates issued using the specified certificate profile
Auto Revoke
Client
When selected, a person who reaches the max number of valid certificates will have their oldest certificate revoked automatically to allow the new enrollment to succeed
Max Number of Valid Certificates
Client
The maximum number of valid certificates a user can have from this profile
Requires approval
SSL, Device
When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO)
Allow Renew
SSL
When enabled, the option to renew certificates is available via the SCM UI and related APIs
Issuing CA
All
The CA’s Common Name
MS Template
All
The template assigned to the CA in AD
All MS templates must grant read and enroll access to the CA connector in order to function correctly.
Build Subject from AD information
All
When selected, Active Directory information is used for the subject, otherwise it’s built from the request.
In order to work, the selected template must have the following Issuance Requirement tab settings configured:
-
This number of authorized signatures selected and set as
1
-
Application policy set as
Certificate Request Agent
-
-
Click Save.
-
Navigate to
. -
Select an AWS CA certificate profile, and click Edit.
-
Complete the Edit Certificate Profile fields based on the information provided in the following table.
Field Description AWS Private CA
The name of the AWS private CA
Signature Algorithm
The signature algorithm to be used when signing certificates
AWS Template
The template assigned to the CA in ACM
Terms
The validity period of certificates issued using the specified certificate profile
Requires approval
When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO)
Allow Renew
When enabled, the option to renew certificates is available via the SCM UI and related APIs
-
Click Save.
-
Navigate to
. -
Select a DigiCert CA certificate profile, and click Edit.
-
Complete the Edit Certificate Profile fields based on the information provided in the following table.
Field Description DigiCert Product
The DigiCert product type to be linked with the certificate profile
Terms
The validity period of certificates issued using the specified certificate profile
Allowed Key Types
The key types (algorithms and sizes or curves) you want to allow for certificates created using the profile
Requires approval
When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO)
Allow Renew
When enabled, the option to renew certificates is available via the SCM UI and related APIs
-
Click Save.
-
Navigate to
. -
Select an Entrust CA certificate profile, and click Edit.
-
Complete the Edit Certificate Profile fields based on the information provided in the following table.
Field Description Entrust Template
The Entrust product type to be linked with the certificate profile
Terms
The validity period of certificates issued using the specified certificate profile
Requires approval
When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO)
Allow Renew
When enabled, the option to renew certificates is available via the SCM UI and related APIs
-
Click Save.
-
Navigate to
. -
Select a GCP CA certificate profile, and click Edit.
-
Complete the Edit Certificate Profile fields based on the information provided in the following table.
Field Description Google Cloud Certificate Authority
The name of the GCP private CA
Google Cloud Template
The template assigned to the CA in GCP
Terms
The validity period of certificates issued using the specified certificate profile
Requires approval
When selected, the certificate request requires the approval of an additional administrator (DRAO, RAO, or MRAO)
Allow Renew
When enabled, the option to renew certificates is available via the SCM UI and related APIs
-
Click Save.
Click the Edit icon in the top right of the Edit Certificate Profile window to change the name or description of the certificate profile. |
Delegate a certificate profile
-
Navigate to
. -
Select a certificate profile, and click Delegate.
-
Specify the Delegation Mode based on the information in the following table.
Field Description General
When selected, the certificate profile is available for all organizations
Customized
When selected, the certificate profile is available for only the selected organizations and departments
-
Click Save.
Deleting certificate profiles
When deleting a certificate profile, you can select an alternate (superseding) profile to use when replacing or renewing certificates that were issued using the deleted profile. If you do not assign a superseding profile, existing certificates based on the deleted profile cannot be replaced, renewed, or downloaded.
A superseding profile must fulfill the following criteria:
-
It must use the same enrolling backend
-
It must be delegated to the same organization or department