Zones define how certificates enrolled through DevOpsACCELERATE will be requested from the CA Account as well as dictate the Issuing Template governing the certificate contents.
Did you know? When the Zone was defined by your System or Security admin, an Issuing Template was associated with the Zone. When certificate requests are submitted to the zone, they are evaluated against the selected Issuing Template Rules and if they meet requirements, certificates are issued by Venafi Cloud.
DevOpsACCELERATE issues certificates via projectzones.
- You specify which Zone to use when requesting certificates via your DevOps toolkits or when manually requesting a certificate from DevOpsACCELERATE. You can create one or more Zones in each Project.
- You will typically have one Zone for each environment used by your DevOps teams. For example, you might create a zone for issuing certificates for test infrastructure and create another zone for issuing certificates for production.
- An Issuing Template that meets certificate requirements has already been assigned to the zone.
- The user selects a zone from which to request a certificate.
- The user uploads a Certificate Signing Request (CSR) to the certificate enrollment form.
- The system evaluates the CSR to ensure it conforms with the selected Issuing Template.
- The system issues the certificate.
NOTE The flow is identical if the certificate is requested through the Venafi Cloud API. The DevOps user will use the appropriate APIs to select a zone.
TIP Provide meaningful names to your zones. When users submit certificate enrollment requests to Venafi Cloud, the Zone name should help them understand which zone they should pick. Suggested ways to name your zones include:
- Individual teams
- Business units
- Environments (Dev/QA/Prod)
- Network Segments (PCI Enclave, DMZ)
By carefully naming your zones, you can greatly simplify the user experience for end users requesting certificates through DevOpsACCELERATE.