Skip to main content

Certificate profile

Certificate profiles provide the flexibility needed to customize certificate issuance based on specific organizational or operational needs. While certificate templates define the core structure and constraints of the certificate, certificate profiles allow for finer control over individual certificate parameters. This enables the adaptation of certificates to meet the requirements of specific device groups, environments, or divisions.

Certificate templates and certificate profiles

A certificate template defines the underlying structure, key types, and general constraints for issued certificates. A certificate profile refines these settings by specifying details such as subject distinguished name (DN) values, certificate validity periods, and which certificate extensions are enabled or disabled.

Example of certificate profile customization

Certificate profiles allow for customization of key attributes to control how certificates are issued for specific deployments.

Table 1. Certificate profile customization examples

Example

Description

Default Subject DN values

Define default subject distinguished name (DN) values, such as organization (O), to ensure consistency for specific device groups.

Validity period

Set the certificate's validity period to a defined duration (e.g., 2 years), within the limits specified by the certificate template.

Key usage extension

Enable specific key usage extensions, such as digital signatures.

Certificate Signing Request

Allow users to provide a Certificate Signing Request (CSR) or use a bare public key for certificate issuance.