Version: 2.7.0 (Current)

Certificate Template Management

This guide explains how to create and manage certificate templates in SecTrail CM. Certificate templates speed up and standardize certificate creation by predefining organization information, the key algorithm, and other parameters.

About the Feature

With templates, you create certificates from ready-made definitions instead of re-entering the same information (Organization, OU, Country, etc.) each time. This saves time and ensures compliance with corporate standards.

What is a Template?

A template is a predefined set of certificate creation parameters. Templates provide:

  • Fast certificate production: Fill in only the Common Name and SAN fields; all other fields are filled in automatically
  • Standardization: Ensure all certificates are created with the same organization information and security parameters
  • Error reduction: Prevent manual input errors
  • CA integration: Work with external CAs such as ADCS, GlobalSign, and DigiCert

Template List

Access Path

To manage templates, go to the Inventory → Issue Certificate → Templates menu.


Template List and Operations

You can view and manage all your existing templates in the template list.

List Columns

| Column | Description |
|---|---|
| Template Name | Unique name of the template (e.g., acme, adcs, csr) |
| CA Type | Certificate authority type (ACME, ADCS, CSR, DigiCert, GlobalSign, Hashicorp, LocalCA) |
| Domain Name | Domain/organization domain the template is associated with |
| Organization | Organization name |
| E-mail | Contact email address |
| Key | Key algorithm (RSA, ECDSA) |
| Actions | Action buttons (Generate, Edit, Delete) |

Template Operations

You can perform three basic operations for each template:

1. Generate (Create Certificate)

When you click the Generate button, the certificate creation screen opens with the template parameters pre-filled. You only need to fill in the Common Name and Subject Alternative Names (SAN) fields.

Generate Certificate from Template

Creating Certificate with Template

To create a certificate from a template:

  1. Click the Generate button of the desired template in the template list
  2. Check the auto-filled fields in the form that opens:
    • CA Type, Organization, OU, Locality, State, Country
    • Key Algorithm, Key Length, Hash Function
    • Lifetime, E-mail Address
  3. Fill in the Common Name field (e.g., test.sectrail.local)
  4. Add additional domains or IPs to the Subject Alternative Names field (optional)
  5. Click the Generate button

Time Savings

Using templates, you can create certificates instantly by filling in only 2 fields (Common Name and SAN). In normal certificate creation, you need to fill in 15+ fields.

2. Edit

Click the Edit button to edit an existing template and update its parameters.

3. Delete

Click the Delete button to completely remove the template from the system.

Caution

When a template is deleted, certificates previously created with it are not affected. The template just can no longer be used for future certificate creation.

Creating New Template

Click the Create button to create a new certificate template. The form is presented in three tabs.

Tab 1: General Information

Create Template - General Information

  • Name: Unique name for the template (e.g., adcs, prod-ssl)
  • Organization: Organization name (O)
  • Organizational Unit: Department or unit (OU)
  • Locality: City (L)
  • State: State or province (ST)
  • Country: Country code (dropdown selection)
  • E-mail: Should the email field be shown in the certificate creation form? (Enable / Disable)

Tab 2: Configuration

Create Template - Configuration

  • CA Type: Certificate authority type (ExternalCA, LocalCA, etc.)
  • Certificate Authorities (CA): External CA provider to use (e.g., ADCS)
  • Domain Name: Active Directory domain name (e.g., company.local)
  • Managed: Should certificates be automatically managed? (Yes / No)

Managed Certificates

If you set Managed to Yes, certificates are automatically monitored and renewal alarms are sent. For details: Managed Certificates

  • Generate Text Message: Custom message to display when a certificate is created
  • Password Length: Length of automatically generated password (characters)
  • Ignored Domain: Domains for which certificate creation will be blocked (e.g., *.example.local)
  • Common Name Format Message: Guidance message shown to the user about Common Name format
  • Subject Alternative Names Format Message: Guidance message about SAN format
  • Daily Request Limit: Maximum number of certificate requests per day
  • Enable Confirmation: Require confirmation before creating a certificate?
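
One way to pre-check the Common Name and SANs of a request against a template's Ignored Domain list before submitting it. This is an added example, not SecTrail CM code: the page does not document how the product evaluates patterns, so the matching rules, function names and sample names below are assumptions.

```python
import ipaddress
from typing import Dict, List, Optional

def _norm(name: str) -> str:
    """Lower-case and drop a trailing dot so comparisons are canonical."""
    return name.strip().lower().rstrip(".")

def blocked_by(name: str, ignored: List[str]) -> Optional[str]:
    """Return the first Ignored Domain pattern covering `name`, else None.

    Assumed semantics (not taken from the product):
      *.example.local -> any name below example.local, not the apex itself
      example.local   -> exactly that name
    """
    host = _norm(name)
    wildcard_request = host.startswith("*.")
    base = host[2:] if wildcard_request else host
    for pattern in ignored:
        pat = _norm(pattern)
        if pat.startswith("*."):
            suffix = pat[2:]
            # Label-boundary match: "notexample.local" must not match.
            if base.endswith("." + suffix):
                return pattern
            # Requesting *.example.local would cover every blocked name.
            if wildcard_request and base == suffix:
                return pattern
        elif host == pat:
            return pattern
    return None

def check_request(common_name: str, sans: List[str], ignored: List[str]) -> Dict[str, str]:
    """Map each blocked requested name to the pattern that blocks it."""
    findings = {}
    for name in [common_name, *sans]:
        try:
            ipaddress.ip_address(name.strip())
            continue  # IP SANs are not domain names; skipped by this check
        except ValueError:
            pass
        hit = blocked_by(name, ignored)
        if hit:
            findings[name] = hit
    return findings

# Constructed sample values, for illustration only.
IGNORED = ["*.example.local", "legacy.corp.local"]
SANS = ["API.Example.Local.", "notexample.local", "10.0.0.5", "*.example.local"]
print(check_request("test.sectrail.local", SANS, IGNORED))
```

Compare the result with what the product actually rejects for the same names; any difference shows where the assumed matching rules diverge from the real ones.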

Tab 3: Security & Key

Create Template - Security & Key

  • Key Algorithm: Key algorithm (RSA or EC)
  • Key Length: Key bit length (e.g., 2048)
  • Hash Function: Hash algorithm (e.g., sha256)
  • Key Import: Where the private key will be stored (Database, Key, HSM, BeyondTrust)

Template Types

SecTrail CM supports various CA types for different use cases:

1. LocalCA Template

Used for signing certificates with your own local Certificate Authority.

When to Use:

  • For internal network applications
  • When producing certificates compliant with corporate standards
  • When signing with Root/Intermediate CAs created in SecTrail CM

Example Configuration:

  • Name: localca
  • CA Type: LocalCA
  • Organization: secrusen
  • Key Algorithm: RSA
  • Key Length: 2048
  • Lifetime: 365 days

2. ADCS Template

Creates certificates with Microsoft Active Directory Certificate Services integration.

When to Use:

  • In Windows environments
  • In enterprise PKI with Active Directory integration
  • When automatic domain verification is required

Example Configuration:

  • Name: adcs
  • CA Type: ADCS
  • Organization: bntpro
  • Domain Name: bntpro.local
  • Key Algorithm: RSA
  • Key Length: 2048

3. CSR Template

Used to create a Certificate Signing Request (CSR) when you want to get certificates from external CAs.

When to Use:

  • When getting certificates from external CAs (Let's Encrypt, DigiCert, etc.)
  • For public SSL/TLS certificates
  • When third-party verification is required

Example Configuration:

  • Name: csr
  • CA Type: CSR
  • Organization: sectrail

4. ACME Template

Creates certificates automatically using the ACME protocol (Let's Encrypt, ZeroSSL, etc.).

When to Use:

  • For free SSL certificates with Let's Encrypt
  • When you want automatic renewal
  • For public domains

Example Configuration:

  • Name: acme
  • CA Type: ACME
  • Organization: bntpro
  • Managed: Yes (for automatic renewal)
  • Lifetime: 90 days (Let's Encrypt standard)

5. DigiCert Template

Creates certificates with DigiCert CertCentral API integration.

When to Use:

  • If you're a DigiCert customer
  • For OV (Organization Validated) or EV (Extended Validation) certificates
  • For enterprise SSL certificates

6. GlobalSign Template

Creates certificates with GlobalSign HVCA (Managed PKI) integration.

When to Use:

  • If you have a GlobalSign agreement
  • For high-volume certificate management
  • If you're using Managed PKI service

7. Hashicorp Vault Template

Creates dynamic certificates with Hashicorp Vault PKI Secrets Engine.

When to Use:

  • In cloud-native environments
  • In Kubernetes and microservices architectures
  • For dynamic, short-lived certificates