How to Assign Domain Ownership for Certificate Management
How to Register a Domain for Certificate Management
Prerequisites
- (Tenant Admin) Registered the application in your tenant
- (PKI Admin) Selected a Plan
- (PKI Admin) Created a Root CA
- (PKI Admin) Created a Subordinate CA
How To Assign Domain Ownership for SSL Certificate Management - Video Version
Overview - How To Distribute SSL Certificate Responsibilities Across Your Organization
To help you run your PKI at scale, each domain must have owners assigned before SSL certificates can be requested for it. This lets PKI administrators keep a record of domain ownership, while domain owners manage the approved users or applications that can request certificates for that domain.
Registering a domain
- Go to https://portal.ezca.io/
- Navigate to Domains.
- Click on “Register Domain”.
- Select your Issuing CA.
- Enter your Domain.
- Enter the domain owners. Domain owners are the users or groups allowed to manage who can request certificates for this domain. Note: Owners cannot request certificates. If an owner also needs permission to request certificates, the owner must be added as a requester.
- Enter the AAD Objects (User, Groups, Service Principals, and MSIs) that will be allowed to request certificates for this domain.
- Click the “Register Domain” button.
- Now that the domain is registered, create your first certificate.
Note
If domain registration approval is set in the CA, this request will be sent to the approvers for approval. Dual key approval is enforced, meaning that if you are an approver, someone else will have to approve your requests.
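The two separation-of-duty rules on this page (owners manage the requester list but cannot request certificates unless they are also requesters, and an approver cannot approve their own request) modeled as a small check. This is an added illustration, not EZCA code or its API: the class, the function names, the identities, the group map, and the assumption that a registration awaiting approval grants nothing are all hypothetical.

```python
from dataclasses import dataclass

# Constructed directory data: group id -> member ids (all names hypothetical).
GROUPS = {"grp-web-team": {"alice", "svc-deploy"}}

def principals_of(identity):
    """An identity acts as itself plus every group that contains it."""
    return {identity} | {g for g, members in GROUPS.items() if identity in members}

@dataclass
class DomainRegistration:
    domain: str
    owners: set                      # users or groups that manage the requester list
    requesters: set                  # AAD objects allowed to request certificates
    submitted_by: str
    approval_required: bool = False  # domain registration approval set on the CA
    approved: bool = False

    def is_active(self):
        # Assumption: a registration awaiting approval grants nothing yet.
        return self.approved or not self.approval_required

    def can_manage_requesters(self, identity):
        return self.is_active() and bool(principals_of(identity) & self.owners)

    def can_request_certificate(self, identity):
        # Ownership is deliberately ignored: only the requester list counts.
        return self.is_active() and bool(principals_of(identity) & self.requesters)

    def add_requester(self, actor, new_requester):
        if not self.can_manage_requesters(actor):
            raise PermissionError(f"{actor} does not own {self.domain}")
        self.requesters.add(new_requester)

    def approve(self, approver, ca_approvers):
        if approver not in ca_approvers:
            raise PermissionError(f"{approver} is not an approver for this CA")
        if approver == self.submitted_by:
            # Dual key approval: a second approver must sign off.
            raise PermissionError("approvers cannot approve their own request")
        self.approved = True

if __name__ == "__main__":
    reg = DomainRegistration("app.example.com", {"bob"}, {"grp-web-team"},
                             submitted_by="bob", approval_required=True)
    reg.approve("carol", ca_approvers={"bob", "carol"})
    print("alice can request:", reg.can_request_certificate("alice"))
    print("bob (owner only) can request:", reg.can_request_certificate("bob"))
    reg.add_requester("bob", "bob")
    print("bob after being added as requester:", reg.can_request_certificate("bob"))
```

The same checks are useful when reviewing a domain's configuration: any identity that appears only in the owner list should not be expected to obtain certificates, and any registration whose submitter and approver match indicates the approval control was bypassed.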