About Domain Components
The Domain Components feature is an advanced feature in Trust Protection Platform that allows domain components to appear in certificates. This could allow you, for example, to use client authentication certificates to restrict the access of the certificate to the sub-domain specified on the certificate using the domain component attribute. This setting should only be used if the application server you are authenticating to is configured to support verification of domain components.
If your application servers are configured to support verification of domain components, Trust Protection Platform allows you to enable the domain components feature, which does the following:
- Shows you the domain components
- Allows you to specify, via polic, allowed domain components
- Allows you to specify on a certificate signing request the allowed domain components (if enabled by policy)
NOTE This is not a commonly used feature in Trust Protection Platform. If you have any doubt about whether you should enable this feature, leave it disabled.
If you leave this feature disabled, and a user attempts to upload a CSR with specified domain components, the CSR will be rejected by Trust Protection Platform. Users will need to re-create the CSR without domain components specified and upload the new CSR to continue.
If this feature is disabled, it also means the domain components field will be hidden on the new certificates form when Trust Protection Platform is generating the CSR.