Issue a TLS certificate from your own private CA in about 10 minutes. You’ll set up a certificate authority, create a policy and profile, then issue your first certificate.Documentation Index
Fetch the complete documentation index at: https://infisical.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
Prerequisites
- Product Admin permissions (to create CAs, policies, and profiles)
Steps
Create a Certificate Authority
Go to Certificate Manager → Settings → Certificate Authorities and click Create.
Learn more about CAs →
| Field | Value |
|---|---|
| Name | my-root-ca |
| Type | Root CA |
| Key Algorithm | EC_prime256v1 |
Create a Certificate Policy
Go to Settings → Certificate Policies and click Create.
The preset pre-configures all the right settings for standard TLS certificates.Learn more about policies →
| Field | Value |
|---|---|
| Preset | TLS Server Certificate |
| Name | tls-server |
Create a Certificate Profile
Go to Settings → Certificate Profiles and click Create.
Learn more about profiles →
| Field | Value |
|---|---|
| Name | web-servers |
| Certificate Authority | Select my-root-ca |
| Certificate Policy | Select tls-server |
Create an Application
Go to Certificate Manager → Applications and click Create.
Learn more about Applications →
| Field | Value |
|---|---|
| Name | my-first-app |
| Certificate Profile | Select web-servers |
Configure Enrollment
In your Application, go to the Settings tab and find the Certificate Profiles section. Click Configure on the
web-servers profile, then click Add enrollment method and select API.Learn more about enrollment →Result
You now have two files:certificate.pem— Your TLS certificateprivate-key.pem— The private key (keep this secure)
example.local), validity period, and that it was signed by my-root-ca.
Next Steps
- Set up ACME enrollment for automatic renewal
- Configure alerting for expiration notifications
- Push certificates to cloud with Certificate Syncs