How To Registering a Domain for Certificate Management
- (Tenant Admin) Registering the application in your tenant
- (PKI Admin) Selecting a Plan
- (PKI Admin) Created a Root CA
- (PKI Admin) Created a Subordinate CA
How To Assign Domain Ownership for SSL Certificate Management - Video Version
Overview - How To Distribute SSL Certificate Responsibilities Across Your Organization
To help you run your PKI at scale, domain owners must be set in order to request SSL Certificates. This enables PKI administrators to keep a record of domain ownership, while allowing domain owners to manage approved users or applications that can request certificates for that domain.
Registering a domain
- Go to https://portal.ezca.io/
- Navigate to Domains.
- Click on “Register Domain”.
- Select your Issuing CA.
- Enter your Domain.
- Enter the domain owners. Domain owners are users or groups that will be allowed to manage who can request certificates for this domain. Note: Owners cannot request certificates, if an owner also needs permission to request certificates the owner must be added as a requester.
- Enter the AAD Objects (User, Groups, Service Principals, and MSIs) that will be allowed to request certificates for this domain.
- Click the “Register Domain” button.
- Now that the domain is registered, create your first certificate
If domain registration approval is set in CA, This request will be sent to the approvers for them to approve. Dual key approval is enforced, meaning that if you are an approver, someone else will have to approve your requests.