Skip to main contentConcept
A certificate template is a policy structure specifying permitted attributes for requested certificates. This includes constraints around subject naming conventions, SAN fields, key usages, and extended key usages.
Each certificate requested against a profile is validated against the template bound to that profile. If the request fails any criteria included in the template, the certificate is not issued. This helps administrators enforce uniformity and security standards across all issued certificates.
Guide to Creating a Certificate Template
To create a certificate template, head to your Certificate Management Project > Certificates > Certificate Templates and press Create Template.
Here’s some guidance on each field:
- Template Name: A slug-friendly name for the template such as
tls-server.
- Description: An optional description for the template.
- Subject Attributes: A list of common names that can be included in the certificate subject. Each row accepts a fixed value or pattern such as
example.com or *.example.com and whether it is allowed or denied.
- Subject Alternative Names (SANs): A list of SANs that can appear in the certificate. Each row accepts a SAN type (e.g. DNS, IP, Email, URI), a fixed value or pattern such as
example.com or *.example.com, and an allow or deny flag.
- Allowed Signature Algorithms: The set of signature algorithms permitted to sign certificates under this template such as
SHA256-RSA, SHA512-RSA, etc.
- Allowed Key Algorithms: The set of public key algorithms permitted for certificate requests such as
RSA-2048, RSA-4096, etc.
- Key Usages: The cryptographic purposes of the certificate such as Digital Signature, Key Encipherment, etc.
- Extended Key Usages: The higher-level intended uses of the certificate such as Server Authentication, Client Authentication, etc.
- Certificate Validity: The maximum lifetime of certificates that can be requested for certificates validated against this template. You can specify both a duration and unit (days, months, or years).
