> ## Documentation Index
> Fetch the complete documentation index at: https://infisical.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Certificate Components

> Learn the main components for managing certificates with Infisical.

## Core Components

The following resources define how certificates are issued, shaped, and governed in Infisical:

* [Certificate Authority (CA)](/documentation/platform/pki/ca/overview): The trusted entity that issues X.509 certificates. This can be an [Internal CA](/documentation/platform/pki/ca/private-ca) or an [External CA](/documentation/platform/pki/ca/external-ca) in Infisical.
  The former represents a fully managed CA hierarchy within Infisical, while the latter represents an external CA (e.g. [DigiCert](/documentation/platform/pki/ca/digicert), [Let's Encrypt](/documentation/platform/pki/ca/lets-encrypt), [Microsoft AD CS](/documentation/platform/pki/ca/azure-adcs), etc.) that can be integrated with Infisical.

* [Certificate Policy](/documentation/platform/pki/settings/policies): A policy structure specifying permitted attributes for requested certificates. This includes constraints around subject naming conventions, SAN fields, key usages, and extended key usages.

* [Certificate Profile](/documentation/platform/pki/settings/profiles): A reusable template that combines a CA with a certificate policy and sensible defaults. Profiles define what certificates look like — the issuing CA, validation rules, and default values for fields like TTL and key algorithm.

* [Application](/documentation/platform/pki/applications/overview): The core entity where teams issue and manage certificates. Product admins attach profiles to Applications and assign members. Application admins then configure [enrollment methods](/documentation/platform/pki/applications/enrollment-methods/overview) (API, ACME, EST, SCEP) for each attached profile.

* [Certificate](/documentation/platform/pki/applications/certificates): The actual X.509 certificate issued through an Application. Once created, it is tracked in Infisical's certificate inventory for management, renewal, and lifecycle operations.

## Next

* [Access Control](/documentation/platform/pki/concepts/access-control) — Learn how permissions work across Applications and Signers.