Configure your first policy
A policy defines a set of rules for certificates issuance. From a high-level perspective the following topics are defined in the policy:
-
End Entity details (mandatory and optional information)
-
Rules for certificate fields can be defined, e.g. to enforce a unique representation of the company name amongst all certificates issued
-
-
Process for approval of certificate requests (manual, automatic, dual control etc.)
-
Validity period
-
Cryptographic details (allowed algorithms and key lengths)
-
Certificate Authority (CA) to be used
All managed PKI & CLM installations come with templates for you to start working with. This covers policies for the most common use cases like:
-
SSL/TLS Servers
-
S/MIME Certificates
-
Code Signing Certificates
-
Server certificates
-
User Certificates
-
Certificates for API clients (like EST, CMP and ACME)
The easiest way to start is using an existing policy. An overview of all existing policies can be accessed via the Policies/Show
menu item. By clicking on a policy name the configuration and settings of the policy can be displayed.
If an existing policy cannot be used directly for a certain use case, the policy can be adapted as needed via the Edit
button or a new policy can be created and adapted via the Create similar
button.
Since the policy defines the certificate to be issued, the selection of a policy is mandatory in the certificate creation workflow, see also Issue your first certificate.
A detailed introduction to policies and the fields defined in a policy is given in Policies.