# Domains Domains group devices and certificate settings in Trustpoint. A domain is associated with one **Issuing CA**. Certificates requested inside the domain are issued by this CA. ## Access Go to: `PKI > Domains > select domain > Configure` ## Domain overview The domain view shows: - unique domain name - URL path segment - device counts - assigned Issuing CA - Issuing CA expiry date - number of issued certificates ## Issuing CA Each domain uses one Issuing CA for certificate issuance. The Issuing CA defines the trust anchor used for certificates in this domain. Devices enrolled in the domain receive certificates from this CA. ## DevID registration patterns DevID registration patterns define which device identities may be onboarded into the domain. A pattern is linked to a truststore and matches device serial numbers. Matching devices can be onboarded using the domain configuration. ## Domain credential profile The domain credential profile defines which certificate profile is used for the domain credential. ## Allowed certificate profiles Allowed certificate profiles define which certificate types devices may request in this domain. For each profile, the domain can define an alias. The alias is the name used by devices when requesting a certificate. Profiles that are not enabled for the domain cannot be used for certificate issuance.