For the latest version, please use Certificate Lifecycle Manager 6.5.0!
Realms
A realm offers separation of concerns for the management of digital certificates. Realms enable organizations to enforce distinct certificate policies, access controls and security configurations tailored to specific teams or operational needs. This ensures compliance with the regulatory requirements unique to each business unit while preventing cross-departmental interference. Realms also help enforce segregation of duties, compliance boundaries and audit trails by isolating the certificate management activities of different business units or departments from one another. An example of a realm is a department within a large enterprise.
Realm Access and Segregation
Realms define the scope of access and policy enforcement. All entities, such as certificates, end entities and policies, are managed within the boundaries of a realm. Only users and clients with explicit roles in a realm can access or manage its objects.
Multi-Realm Roles
Users, API clients and groups can be assigned multiple realm roles, extending their access to the certificate lifecycle operations of each assigned realm. This supports cross-functional or multi-tenant workflows when required.
Realms Lifecycle
Realms can be created, modified and archived. When a realm is archived, all its managed entities (end entities, policies, certificates, certificate requests) are also archived. Archiving and deletion follow the rules below:
- Realms with active certificates cannot be archived.
- Only archived realms may be deleted.
- Deletion of a realm permanently removes all associated entities.