Creating a certificate Issuing Template in OutagePREDICT

Issuing Templates combine the selection of a CA account with rules that enforce certificate policy, all in a single location. Issuing templates can be edited (individually or in bulk), copied, or deleted.

IMPORTANT   You must have a System Admin or PKI Admin role to do this.

To create an issuing template

  1. In the menu bar, click Settings > Issuing Templates.

  2. Click New.
  3. Type a name for your new Issuing Template.
  4. Select an existing CA provider or Add New Account.

    Each CA provider must have at least one account associated with it.

  5. Click Select next to the CA provider account you want to associate with your new template.
  6. Select a Product Option.
  7. (Optional) Change the template's default validity period.

  8. Fill out the fields under Issuing Rules.

  9. (Optional) Define Recommended Settings.
  10. (Optional) Click the Bypass this field icon, as needed. Three dots, vertically alligned. Click to Bypass this field.

  11. When you're done, click Create Template.

    You'll see your new template in the list of Issuing Templates.

TIP  As indicated by the CA Account, Venafi Cloud uses the domain patterns that have been validated for certificate issuance to create a set of default patterns in the Issuing Templates CN and SAN rules.

When a DevOps user selects a CA Account to use with an issuing template, the CN and SAN rules are auto-filled with valid patterns based on the CA's settings. The user doesn't have to consult the CA Account to figure out which naming patterns are needed.