Certificate templates
Certificate templates simplify certificate generation by preconfiguring allowable certificate fields and values. You can limit certificate types and signature algorithms, set a default algorithm, specify which certificate fields are optional or mandatory, specify how long certificates can remain valid, and more. Certificate templates are mandatory to create certificate profiles.
If you host the DigiCert ONE® platform in-house:
System users can create, edit and view certificate templates.
Account users can only view certificate templates.
If you use DigiCert ONE hosted by DigiCert:
You can view certificate templates.
You cannot create or edit certificate templates.
Create certificate template
Note
Certificate templates are mandatory and are generally created and updated by Technical support. However, if DigiCert ONE is hosted in-house, the certificate template can be created by a system scope admin with the Manage certificate template permission.
To create a certificate template:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Certificates > Certificate templates.
Select Create certificate template.
Complete these fields:
Field | Description |
---|---|
Template name | Name to uniquely identify this certificate template. |
Template body | Set parameters for certificates. Note: You can limit certificate types and signature algorithms, set a default algorithm, specify which certificate fields are optional or mandatory, specify how long certificates can remain valid, and more. To see an example including all available options, see Template body example. |
Template category | Select Production or Test. |
Template scope | Enable System to apply this template for all accounts. Enable Limited to apply this template to specific accounts. |
Certificate template body example
The sample below contains all possible fields and values for a certificate template.
Copy and paste the sample below into the Template body field.
Remove any values or fields that do not meet your requirements.
For test certificate templates, ensure that the validity unit is set to "days".
Sample
```json
{
  "issue_types": ["code_signing"],
  "cert_type": "end_entity",
  "signature_algorithm": {
    "allowed_algorithms": [
      "sha1WithRSA",
      "sha256WithRSA",
      "sha384WithRSA",
      "sha512WithRSA",
      "sha256WithECDSA",
      "sha384WithECDSA",
      "sha512WithECDSA",
      "match_issuer"
    ],
    "default_algorithm": "match_issuer"
  },
  "subject": {
    "attributes": [
      { "type": "common_name", "include": "optional", "allowed_source": ["csr"] },
      { "type": "organization_name", "include": "optional", "allowed_source": ["csr"] },
      { "type": "organization_unit", "include": "optional", "allowed_source": ["fixed_value"] },
      { "type": "street_address", "include": "optional", "allowed_source": ["csr"] },
      { "type": "postal_code", "include": "optional", "allowed_source": ["csr"] },
      { "type": "locality", "include": "optional", "allowed_source": ["csr"] },
      { "type": "state", "include": "optional", "allowed_source": ["csr"] },
      { "type": "country", "allowed_source": ["csr"] }
    ]
  },
  "extensions": {
    "key_usage": {
      "critical": true,
      "allow_critical_override": false,
      "required_usages": {
        "rsa": ["digital_signature", "non_repudiation", "key_encipherment"],
        "ecdsa": ["digital_signature", "non_repudiation"]
      }
    },
    "extended_key_usage": {
      "critical": true,
      "allow_critical_override": false,
      "required_usages": ["code_signing", "client_authentication"]
    }
  },
  "validity": {
    "min_duration": { "value": 1, "unit": "years" },
    "max_duration": { "value": 25, "unit": "years" },
    "default_duration": {
      "min": { "value": 1, "unit": "years" },
      "max": { "value": 25, "unit": "years" }
    }
  }
}
```
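A check to run on a template body before pasting it into the Template body field, as an added example (not DigiCert's code and not part of the original page). It applies the rule above that test templates use the validity unit "days", plus two local-policy assumptions: that sha1WithRSA should not be allowed and that min_duration must not exceed max_duration. The function names and the 365-day year are assumptions.

```python
import json

WEAK_ALGORITHMS = {"sha1WithRSA"}       # assumption: local policy rejects SHA-1
UNIT_DAYS = {"days": 1, "years": 365}   # assumption: only used to compare durations


def durations(validity):
    """Yield (path, {"value", "unit"}) for every duration under "validity"."""
    for key, node in validity.items():
        if "unit" in node:
            yield key, node
        else:  # nested object such as default_duration.min / .max
            for sub, dur in node.items():
                yield f"{key}.{sub}", dur


def lint_template(body, category):
    """Return findings for a template body (JSON text) and its category."""
    tpl = json.loads(body)
    findings = []
    allowed = tpl.get("signature_algorithm", {}).get("allowed_algorithms", [])
    for alg in sorted(WEAK_ALGORITHMS.intersection(allowed)):
        findings.append(f"weak algorithm allowed: {alg}")
    validity = tpl.get("validity", {})
    for path, dur in durations(validity):
        if category == "Test" and dur.get("unit") != "days":
            findings.append(f"test template: validity.{path} unit is not days")
    lo, hi = validity.get("min_duration"), validity.get("max_duration")
    if lo and hi and lo["unit"] in UNIT_DAYS and hi["unit"] in UNIT_DAYS:
        if lo["value"] * UNIT_DAYS[lo["unit"]] > hi["value"] * UNIT_DAYS[hi["unit"]]:
            findings.append("min_duration exceeds max_duration")
    return findings


# Constructed sample: the signature and validity parts of the page's sample body.
SAMPLE = """{
  "signature_algorithm": {
    "allowed_algorithms": ["sha1WithRSA", "sha256WithRSA", "match_issuer"],
    "default_algorithm": "match_issuer"},
  "validity": {
    "min_duration": {"value": 1, "unit": "years"},
    "max_duration": {"value": 25, "unit": "years"},
    "default_duration": {"min": {"value": 1, "unit": "years"},
                         "max": {"value": 25, "unit": "years"}}}
}"""

if __name__ == "__main__":
    for finding in lint_template(SAMPLE, "Test"):
        print(finding)
```

Pasted unchanged into a Test-category template, the page's sample would trip the "days" rule on all four duration objects, which is why the trimming step matters.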