Manage policies in Zero Touch PKI
When configuring your instance, add certificate policies to define how Zero Touch PKI issues certificates in your environment. You add policies directly to organizations, using templates defined by CyberArk. Update existing policies by uploading a new YAML configuration file.
About policy deletion
You cannot delete certificate policies once created. Under our data retention policy, any certificate policy used to issue certificates must be kept for seven years past the expiration of its last issued certificate. To remove unused policies or hide deprecated ones, contact CyberArk Support.
Prerequisites
- A user role with permission to issue certificates (Account Admin, Organization Admin, or Requestor).
- At least one organization.
- A policy template for your use case.
To add a certificate policy
- Sign in to Zero Touch PKI.
- Click Accounts.
- Click your account title.
- In Organizations, select an organization.
- In Policies, click Create Policy from Template.
- In the dialog, do the following:
  - Select a Policy Template.
  - Enter a Policy Name, such as Intune Machine RSA.
  - Click Create Policy.
Zero Touch PKI creates the policy for that organization.
To edit a certificate policy
- Sign in to Zero Touch PKI.
- Click Accounts.
- Click your account title.
- In Organizations, select an organization.
- Go to Policies and find the policy to update.
- On the right, in the three-dot menu, select Update Policy.
- Click Update Policy and choose a YAML configuration file.
- Click Update Policy.
Zero Touch PKI updates the policy.
