Skip to main content

Create an authentication CA template

In DigiCert​​®​​ IoT Trust Manager, an authentication CA template determines the scope of which authentication certificates can be used to authenticate a device making a certificate request for a specific enrollment profile.

  1. In DigiCert ONE, in the Manager menu (top right), select IoT Trust.

  2. In the IoT Trust Manager menu, select Enrollment configurations > Enrollment profiles.

  3. Find and select the enrollment profile that requires device authentication.

  4. In the right-hand navigation, select Authentication certificates.

  5. Select Create authentication CA template.

  6. Enter a Friendly name.

  7. Select the Authentication CA you want to use to set the scope for authentication certificates in this enrollment profile.

    Note

    The authentication CA is the issuing CA for a certificate that a device uses to authenticate itself when making a certificate request through this enrollment profile.

  8. To allow any certificate issued by this CA to be used as an authentication certificate, select Allow all certificates.

  9. To narrow the scope of allowed certificates from this CA, select Limit which certificates.

    1. Limit by:

      • Defined attributes and/or uploaded certificates⁠—Specify attributes and/or upload a certificate when you add the authentication certificate.

      • Defined attributes⁠—Specify the certificate attributes that require specific values. Values are defined when you add the authentication certificate itself.

      • Uploaded certificates⁠—Allow only certificates uploaded to this profile.

    2. (Optional) Select Require passcode for additional authentication. Set the passcode when you add an authentication certificate based on this template.

  10. Select Add restrictions and registered values.

  11. (Optional) Define usage restrictions and registered values.

  12. Select Finish to save the authentication template and return to the enrollment profile.

    or

    Select Save and add authentication certificate to save the authentication CA template and add an authentication certificate that matches the scope of the new authentication CA template.

  13. Repeat as needed.