Prerequisites
- Product Admin permissions (to create CAs, policies, and profiles)
Steps
1
Create a Certificate Authority
2
Create a Certificate Policy
Go to Certificate Policies and click Create.
The preset pre-configures all the right settings for standard TLS certificates.Learn more about policies →
3
Create a Certificate Profile
4
Create an Application
5
Configure Enrollment
In your Application, go to the Settings tab and find the Certificate Profiles section. Click Configure on the
web-servers profile, then click Add enrollment method and select API.Learn more about enrollment →6
Issue Certificate
In your Application, go to the Certificate Requests tab and click Request Certificate.
Click Request and download your certificate and private key.
Result
You now have two files:certificate.pem— Your TLS certificateprivate-key.pem— The private key (keep this secure)
example.local), validity period, and that it was signed by my-root-ca.
Next Steps
- Set up ACME enrollment for automatic renewal
- Configure alerting for expiration notifications
- Push certificates to cloud with Certificate Syncs