Certificate profile
Certificate profiles provide the flexibility needed to customize certificate issuance based on specific organizational or operational needs. While certificate templates define the core structure and constraints of the certificate, certificate profiles allow for finer control over individual certificate parameters. This enables the adaptation of certificates to meet the requirements of specific device groups, environments, or divisions.
Certificate templates and certificate profiles
A certificate template defines the underlying structure, key types, and general constraints for issued certificates. A certificate profile refines these settings by specifying details such as subject distinguished name (DN) values, certificate validity periods, and which certificate extensions are enabled or disabled.
Example of certificate profile customization
Certificate profiles allow for customization of key attributes to control how certificates are issued for specific deployments.
Example | Description |
|---|---|
Default Subject DN values | Define default subject distinguished name (DN) values, such as organization (O), to ensure consistency for specific device groups. |
Validity period | Set the certificate's validity period to a defined duration (e.g., 2 years), within the limits specified by the certificate template. |
Key usage extension | Enable specific key usage extensions, such as digital signatures. |
Certificate Signing Request | Allow users to provide a Certificate Signing Request (CSR) or use a bare public key for certificate issuance. |