Certificate templates

Certificate templates simplify certificate generation by preconfiguring allowable fields and values.

You can limit certificate types, set default algorithms, define optional or mandatory fields, specify validity periods, and more.

Certificate templates are required to create certificate profiles.

If you host the DigiCert ONE platform in-house:

  • System users can create, edit, and view certificate templates.

  • Account users can only view certificate templates.

If you use DigiCert ONE hosted by DigiCert:

  • You can view certificate templates.

  • You cannot create or edit certificate templates.

Create certificate template

Note

Technical support creates and updates mandatory certificate templates.

If DigiCert ONE is hosted in-house, a system scope admin with the Manage certificate template permission can create them.

To create a certificate template:

  1. In the Software Trust menu, go to Certificates > Certificate templates.

  2. Select Create certificate template.

  3. Complete the following fields:

Table 1.

Field: Description

Template name: Enter a name to uniquely identify this certificate template.

Template body: Set the parameters, which include:

  • Limiting certificate type

  • Configuring signature algorithms

  • Specifying mandatory or optional certificate fields

  • Specifying how long certificates can remain valid

  Note: To review a sample certificate template with all available options, see Sample certificate template body.

Template category: Select Production or Test.

Template scope: Select System to apply this template to all accounts. Select Limited to apply this template to specific accounts.


Sample certificate template body

The following sample contains all possible fields and values for a certificate template.

  1. Copy and paste the following sample into the Template body field.

  2. Remove any values or fields that don't meet your requirements.

  3. For a test certificate template, ensure that the validity unit is set to days.

Sample certificate template body:

{
  "issue_types": [
    "code_signing"
  ],
  "cert_type": "end_entity",
  "signature_algorithm": {
    "allowed_algorithms": [
      "sha1WithRSA",
      "sha256WithRSA",
      "sha384WithRSA",
      "sha512WithRSA",
      "sha256WithECDSA",
      "sha384WithECDSA",
      "sha512WithECDSA",
      "match_issuer"
    ],
    "default_algorithm": "match_issuer"
  },
  "subject": {
    "attributes": [
      {
        "type": "common_name",
        "include": "optional",
        "allowed_source": [
          "csr"
        ]
      },
      {
        "type": "organization_name",
        "include": "optional",
        "allowed_source": [
          "csr"
        ]
      },
      {
        "type": "organization_unit",
        "include": "optional",
        "allowed_source": [
          "fixed_value"
        ]
      },
      {
        "type": "street_address",
        "include": "optional",
        "allowed_source": [
          "csr"
        ]
      },
      {
        "type": "postal_code",
        "include": "optional",
        "allowed_source": [
          "csr"
        ]
      },
      {
        "type": "locality",
        "include": "optional",
        "allowed_source": [
          "csr"
        ]
      },
      {
        "type": "state",
        "include": "optional",
        "allowed_source": [
          "csr"
        ]
      },
      {
        "type": "country",
        "allowed_source": [
          "csr"
        ]
      }
    ]
  },
  "extensions": {
    "key_usage": {
      "critical": true,
      "allow_critical_override": false,
      "required_usages": {
        "rsa": [
          "digital_signature",
          "non_repudiation",
          "key_encipherment"
        ],
        "ecdsa": [
          "digital_signature",
          "non_repudiation"
        ]
      }
    },
    "extended_key_usage": {
      "critical": true,
      "allow_critical_override": false,
      "required_usages": [
        "code_signing",
        "client_authentication"
      ]
    }
  },
  "validity": {
    "min_duration": {
      "value": 1,
      "unit": "years"
    },
    "max_duration": {
      "value": 25,
      "unit": "years"
    },
    "default_duration": {
      "min": {
        "value": 1,
        "unit": "years"
      },
      "max": {
        "value": 25,
        "unit": "years"
      }
    }
  }
}
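
As an added example (not DigiCert's code), the following Python check supports step 2 by reviewing a template body before it is pasted into the Template body field. The function names and the 3-year `MAX_DAYS` ceiling are assumptions; the field names and the days-only rule for test templates come from this page.

```python
import json

UNIT_DAYS = {"days": 1, "years": 365}  # only the units shown on this page
MAX_DAYS = 3 * 365                     # assumed local policy ceiling, not a DigiCert rule

def days(d):
    """Convert a {"value", "unit"} duration to approximate days."""
    return d["value"] * UNIT_DAYS[d["unit"]]

def review_template(body, category="Production"):
    """Return a list of findings for a parsed template body (hypothetical helper)."""
    findings = []
    sig = body.get("signature_algorithm", {})
    allowed = sig.get("allowed_algorithms", [])
    # SHA-1 signatures are collision-prone and should not be issuable.
    findings += [f"weak algorithm allowed: {a}" for a in allowed
                 if a.lower().startswith("sha1")]
    default = sig.get("default_algorithm")
    if default is not None and default not in allowed:
        findings.append(f"default_algorithm {default} is not in allowed_algorithms")

    val = body.get("validity", {})
    lo, hi = val.get("min_duration"), val.get("max_duration")
    dflt = val.get("default_duration", {})
    units = {d["unit"] for d in (lo, hi, dflt.get("min"), dflt.get("max")) if d}
    # Step 3 on this page: test templates must express validity in days.
    if category == "Test" and units - {"days"}:
        findings.append("test template must use validity unit 'days'")
    if lo and hi and days(lo) > days(hi):
        findings.append("min_duration exceeds max_duration")
    if hi and days(hi) > MAX_DAYS:
        findings.append(f"max_duration of {hi['value']} {hi['unit']} exceeds policy")
    return findings

# Constructed input: a trimmed copy of the sample body, left unedited.
SAMPLE = json.loads("""
{"signature_algorithm": {"allowed_algorithms": ["sha1WithRSA", "sha256WithRSA", "match_issuer"],
                         "default_algorithm": "match_issuer"},
 "validity": {"min_duration": {"value": 1, "unit": "years"},
              "max_duration": {"value": 25, "unit": "years"}}}
""")

if __name__ == "__main__":
    for finding in review_template(SAMPLE, category="Test"):
        print(finding)
```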