Domains

Domains group devices and certificate settings in Trustpoint.

A domain is associated with one Issuing CA. Certificates requested inside the domain are issued by this CA.

Access

Go to:

PKI > Domains > select domain > Configure

Domain overview

The domain view shows:

  • unique domain name

  • URL path segment

  • device counts

  • assigned Issuing CA

  • Issuing CA expiry date

  • number of issued certificates

Issuing CA

Each domain uses one Issuing CA for certificate issuance.

The Issuing CA defines the trust anchor used for certificates in this domain. Devices enrolled in the domain receive certificates from this CA.

DevID registration patterns

DevID registration patterns define which device identities may be onboarded into the domain.

A pattern is linked to a truststore and matches device serial numbers. Matching devices can be onboarded using the domain configuration.

Domain credential profile

The domain credential profile defines which certificate profile is used for the domain credential.

Allowed certificate profiles

Allowed certificate profiles define which certificate types devices may request in this domain.

For each profile, the domain can define an alias. The alias is the name used by devices when requesting a certificate.

Profiles that are not enabled for the domain cannot be used for certificate issuance.