Skip to content

Overview: certificate issuing templates

Certificate issuing templates are used to configure security policies that are enforced whenever new certificates are issued.

An issuing template combines the selection of a CA account with rules that enforce certificate policies, all in a single location. And when you create your issuing template, you define the rules that reflect your company's certificate security policies for requesting or renewing certificates.

Note

Issuing templates can be created or modified only by a System Administrator or PKI Administrator.

Here are some of the benefits of certificate issuing templates:

  • Facilitates self-service by letting other machine owners more easily request certificates without having to depend on a PKI team, or even understand crypto. Because the template includes your organization's security policies, they can simply use the template with your pre-defined settings already in place.

  • Issuing templates also help to speed up certificate issuance by delivering only required information; everything else is set up by default, or controlled by policy.

You can create as many issuing templates as you need, and then edit or delete them at any time.

Most certificate issuing templates contain at least these basic settings:

  • Template Name
  • CA Account
  • Issuing Rules
  • Additional fields that are linked to a specific CA account

Depending on the CA, some might include additional settings. For example, an issuing template for DigiCert includes an additional field called Product Option.

What is the default issuing template?

TLS Protect Cloud includes a Default Issuing template out of the box that gives you an example of what an issuing template is and how it connects to other parts of TLS Protect Cloud. It should only be used for quick testing, and for evaluation of TLS Protect Cloud.

This default template is not intended for production use. Instead, you should create your own issuing templates. We recommend you do not make the default issuing template available to resource owners. This will help prevent confusion, and will help prevent issuance of certificates that are not appropriate for the intended uses.

What's next