Skip to content

Creating a certificate Issuing Template

Issuing Templates combine the selection of a CA account with rules that enforce certificate policy, all in a single location. Issuing templates can be edited (individually or in bulk), copied, or deleted.

Important

You must have a System Admin or Security Admin role to do this.

To create an issuing template

  1. In the menu bar, click Settings > Issuing Templates.

  2. Click New.

  3. Type a name for your new Issuing Template.

  4. Select an existing CA provider or Add New Account.

    Each CA provider must have at least one account associated with it.

  5. Click Select next to the CA provider account you want to associate with your new template.

  6. Select a Product Option.

  7. Select a Signature Hash.

  8. (Optional) Change the template's default validity period.

    Setting the validity period

    The recommended and default value is 90 days.

    You can change the template's default validity period. The minimum setting is 1 hour.

    Be aware that when the CSR is submitted and the validity period requested exceeds that allowed by the CA, an error message will be returned.

  9. Fill out the fields under Issuing Rules.

  10. (Optional) Define Recommended Settings.

  11. (Optional) Click the Bypass this field icon, as needed. Three dots, vertically aligned.

    What does it mean to bypass a field?

    There are two options here:

    • Disable: Choose this to prevent the field from being set on certificates that are governed by the template.
    • There are two options here:
  12. When you're done, click Create Template.

    You'll see your new template in the list of Issuing Templates.

Tip

As indicated by the CA Account, DevOpsACCELERATE uses the domain patterns that have been validated for certificate issuance to create a set of default patterns in the Issuing Templates CN and SAN rules.

When a DevOps user selects a CA Account to use with an issuing template, the CN and SAN rules are auto-filled with valid patterns based on the CA's settings. The user doesn't have to consult the CA Account to figure out which naming patterns are needed.

Editing or deleting an Issuing Template

Issuing Templates combine the selection of a CA account with rules that enforce certificate policy in a single location. Issuing templates can be edited (individually or in bulk) or deleted.

Important

You must be an Admin or PKI Admin to complete this task.

To edit or delete an Issuing Template

  1. In the menu bar, click Settings > Issuing Templates.

  2. To edit a template, click its name.

  3. To delete a template, select it, then click Delete.