Certificate roles are user-defined roles for covering certificate lifecycle management. When selecting this role type, configure the following settings.
Certificate Role Template
Select one of the following templates for creating the role.
Role type | Role permissions |
|---|---|
Manager | Manage Certificates. |
Requestor | Create certificate requests as explained in Making a certificate request. |
Approver | Approve certificate requests as explained in Approving a pending certificate request, or manage public forms as explained in Creating a public enrollment form. |
Authority
The certificate authority that issued, or will issue, the certificates. Select one of the Certificate Hub-managed Authorities for granting permissions to:
- Issue, edit, revoke, or unhold certificates issued by that certificate authority.
- Manage public forms for the end-users to request certificates from this certificate authority.
- Approve or create certificate requests for this certificate authority.
If this optional field is omitted, the role permissions will be limited to unmanaged certificates – that is, certificates issued by certificate authorities not managed by Certificate Hub.
Profiles
The certificate profiles the Authority will use for issuing new certificates. This setting does not affect existing certificates.
The All Profiles Enabled default option grants role permissions on all the certificate profiles issued by the Authority.
Certificate Access Tag
The Certificate Access Tag assigned to the certificates.
Permissions
The permissions granted by the role on certificates:
- Issued by the Authority using the selected Profiles.
- Labeled with the Certificate Access Tag.