Step 1: Create CA templates

During certificate enrollment and provisioning procedures, every certificate object must reference a CA template object.

CA template objects provide the information Trust Protection Platform needs to submit the certificate signing request (CSR) to the CA and retrieve the signed certificate. The CA template also defines the type of certificate that is requested from the CA when the CSR is submitted.

EXAMPLE If Amazon were your CA and you wanted to automate enrollment and provisioning of your certificates using Amazon Amazon Certificate Manager, you would use Venafi's Policy Tree to create a certificate template object and provide the required settings:

Using information you gathered as part of the prerequisites, you create the CA template object for the Amazon Amazon Certificate Manager using Policy Tree. You refer to the related Venafi documentation (the Trust Protection Platform Help system), or in the Certificate Authority and Hosting Platform Integration Guide related to your chosen CA. The documentation includes the information required by your chosen CA.

NOTE Before you attempt to create CA template, device, or application objects, you must enable the create permission under the folder where you want to create the new object. For more information, see Permissions overview.

To create a CA Template object

From the TLS Protect menu bar, click Policy Tree.
From the Tree drop-down menu, click Policy.
In the Policy tree, select the folder where you want to create the CA Template object, and then click Add.
Click CA Template, then select a driver to create it.
In the CA Name box, type a name for the new CA driver object.

When finished, click Apply.

The CA Template object settings vary depending on the associated CA requirements. Refer to the CA template object settings for the CA you are configuring.