Understanding CAs

Certificate Authorities (CAs) are entities that issue digital certificates. SCM supports both public and private CAs.

CAs are represented by a root CA and one or more issuing CAs:

  • The root CA is the top-level CA in the hierarchy and is responsible for signing the certificates of the issuing CAs.

  • The issuing CAs are responsible for signing the certificates of the end entities.

In SCM, you can do the following:

  • Create and manage private CAs for existing private CA backends.

  • Download CA certificates for available public and private CA backends.

For more information on CA backends, see Understanding CA backends.

CAs can be managed on the Issuers  CAs page.

CAs page

The following table describes the details and controls of the CAs page.

Control Description

Name

The name of the CA.

Subject

The subject field of the private CA certificate.

Key Type

The type of algorithm used for certificate encryption.

Signature

The type of signature algorithm used for signing the certificate.

State

The state of the private CA.

The most common values are:

  • Signed — The private CA certificate has been signed by the issuer and is available for use.

  • Revoked — The private CA certificate has been revoked.

Serial Number

The unique serial number of the CA certificate.

Expires

The expiration date of the CA certificate.

Parent Issuer

The parent CA that issued the private CA certificate.

Private CA Type

The type of the private CA.

The possible values are:

  • Private CA — A Sectigo-hosted private CA intended for issuing and managing private certificates.

  • Trial Private CA — A 30 day trial Sectigo-hosted private CA for evaluating private certificate issuance and management.

  • Trial Private PQC CA — An experimental 30 day trial Sectigo-hosted CA capable of issuing certificates using Post-Quantum Cryptography (PQC) algorithms.

    Trial PQC CAs are only available if enabled for your account. For more information, contact your SCM account manager.

Trial Mode

Indicates whether the private CA is in trial mode.

Trial Expires

The date that the trial private CA expires.

Table controls

Filter

Enables you to sort the table information using custom filters.

Refresh

Refreshes the information presented in the table.

Manage Columns

Enables you to select which table columns to display.

Admin controls

Select CA backend

Expands the list of available private and public CA backends.

Add

Opens the Create Private CA dialog where you can request a private CA.

Delete

Deletes the selected root private CA.

Download Certificate

Downloads the certificate of the selected CA.

Revoke

Revokes the selected issuing private CA.