Overview

To issue a certificate with Infisical, you create a certificate profile and a certificate policy to go along with it. You then issue a certificate against a specific profile depending on the enrollment method associated with it.

There are four components to understand:

• Certificate Profile: A configuration set specifying how certificates should be issued under that profile including the issuing CA, a certificate policy, and the enrollment method (such as ACME, EST, API, etc.) used to enroll certificates.

• Certificate Policy: A policy structure specifying the permitted attributes for requested certificates including subject naming conventions, SAN fields, key usages, and extended key usages.

• Approval Policy: An optional approval workflow requiring human review before certificates are issued. Approval policies can enforce multi-step review processes with configurable approvers for each step.

• Certificate: The actual X.509 certificate issued for a profile. Once issued, a certificate kept track of in the certificate inventory.