The creation of Organizations and Departments and the association of these entities with a domain is an important step towards the issuance and effective management of SSL, code signing and SMIME certificates via the CCM interface.
• Organizations are umbrella entities created by administrators for the purposes of requesting, issuing and managing certificates for domains and employees.
• Organizations can be sub-divided into Departments for the purpose of certificate and end-user management.
• Each Organization can have multiple Departments. Furthermore, each Organization and each Department can have multiple domains delegated to it.
• It is possible to assign Organization level administrators (RAO Admins) and Department level administrators (DRAO Admins).
• Organization level administrators can manage any and all certificates, domains and users belonging to their Organization and any of its sub-Departments. They are also able to create new Departments and appoint Department administrators.
• Department level administrators can view and manage only those certificates, domains and users belonging to the Department for which they have been delegated responsibility.
Comodo Certificate Manager uses the following naming conventions for Organizations and Administrators:
CCM Entity      Administrator Types
Organization    RAO - SSL Admin
                RAO - SMIME Admin
                RAO - Code Signing Admin
Department      DRAO - SSL Admin
                DRAO - SMIME Admin
                DRAO - Code Signing Admin
Master Registration Authority Officers (MRAOs) have complete visibility of and control over all Organizations and Departments. Although we strongly advise Administrators to plan any Organizational and administrative structure beforehand, it is, of course, possible to rearrange and tweak it later. Organizations, Departments, Domains and Administrators are each created and configured as independent entities in CCM. It is the association and delegation of these entities into a coherent superstructure which forms the key to an effective certificate management hierarchy for your enterprise.
If you would like further advice on setting up an Organizational structure and administrative chains-of-command then please contact your Comodo account manager. Our representatives have years of experience in PKI management infrastructures and will be pleased to help you find the correct deployment strategy for your company.
Comodo Certificate Manager - Administrator Guide
5.2.1.1 Example Scenarios
In order to maximize the effectiveness of your CCM implementation, it is important that you first decide the structure of your Organizational and administrative hierarchy. CCM's flexibility allows you to create and delegate hierarchies that are as simple or sophisticated as you require.
The examples listed below are merely workable suggestions for reasonably straightforward situations. Administrators should, of course, follow their own policies when determining how to set up and manage domains between Organizations and Departments. Each example outlines a hypothetical issuance scenario followed by two or three alternative solutions that are possible through CCM:
Example 1:
Scenario: You wish to issue only SSL certificates for a single first level domain and two sub-domains.
Solution 1 - Simple:
• Create a single Organization
• No Departments
• Delegate the domain and all the sub-domains to this single Organization
• The MRAO manages all SSL certificates for all domains
Organization Name    Department Name    Administrator       Could be used to manage certificates for:
Organization 1       -                  MRAO                http://website_1.com
                                                            http://payments.website_1.com
                                                            http://mail.website_1.com
Solution 2 - Intermediate:
• Create three Organizations
• No Departments
• Delegate each domain to a separate Organization
• Create three RAO SSL Admins
• Delegate one RAO SSL Admin to each of the Organizations
Organization Name    Department Name    Administrator       Could be used to manage certificates for:
Organization 1       -                  RAO SSL ADMIN 1     http://website_1.com
Organization 2       -                  RAO SSL ADMIN 2     http://payments.website_1.com
Organization 3       -                  RAO SSL ADMIN 3     http://mail.website_1.com
Solution 3 - Intermediate:
• Create a single Organization
• Create three Departments under this Organization
• Delegate each Domain to one of these Departments
• Create one RAO SSL Admin
• Delegate the RAO SSL Admin to control the Organization (and therefore also its Departments)
• Create three DRAO SSL Admins
• Delegate one DRAO SSL Admin to each of the Departments
Organization Name    Department Name    Administrator       Could be used to manage certificates for:
Organization 1       Department 1       DRAO SSL ADMIN 1    http://website_1.com
                     Department 2       DRAO SSL ADMIN 2    http://payments.website_1.com
                     Department 3       DRAO SSL ADMIN 3    http://mail.website_1.com
Example 2:
Scenario: Your company issues both SSL certificates and SMIME certificates. Your company operates 2 distinct websites, each with its own unique first level domain name and two sub-domains.
Solution 1 - Very Simple:
• Create a single Organization
• No Departments
• Delegate both first level domains and all sub-domains to this single Organization
• The MRAO manages all SSL certificates and all SMIME certificates for all domains
Organization Name    Department Name    Administrator       Could be used to manage certificates for:
Organization 1       -                  MRAO                http://website_1.com
                                                            http://payments.website_1.com
                                                            http://mail.website_1.com
                                                            http://website_2.com
                                                            http://payments.website_2.com
                                                            http://mail.website_2.com
Solution 2 - Sophisticated:
• Create two Organizations
• Create three Departments in each Organization
• Delegate one first level Domain and its sub-domains to each of the three Departments in an Organization
• Create one RAO Admin. Assign this single RAO with SSL and SMIME Administrative roles
• Delegate the RAO to control both Organizations (and therefore all Departments, domains and sub-domains)
• Create three DRAO SSL Admins
• Create six DRAO SMIME Admins
• Delegate one DRAO Admin per certificate type to each of the three Departments
This means that you will have 2 Organizations, each with three Departments. Each of these Departments is associated with a distinct first level domain or sub-domain. Each Department has two Departmental Administrators - each responsible for a particular certificate type. All of these Department Administrators (DRAOs) are sub-ordinate to the Organization Admin (RAO) who is, in turn, sub-ordinate to the MRAO.
Organization Name    Department Name                  Administrator         Could be used to manage certificates for:
Organization 1       Organization 1 - Department 1    DRAO SSL ADMIN 1      http://website_1.com
                                                      DRAO SMIME ADMIN 1    http://website_1.com
                     Organization 1 - Department 2    DRAO SSL ADMIN 2      http://payments.website_1.com
                                                      DRAO SMIME ADMIN 2    http://payments.website_1.com
                     Organization 1 - Department 3    DRAO SSL ADMIN 3      http://mail.website_1.com
                                                      DRAO SMIME ADMIN 3    http://mail.website_1.com
Organization 2       Organization 2 - Department 1    DRAO SSL ADMIN 1      http://website_2.com
                                                      DRAO SMIME ADMIN 4    http://website_2.com
                     Organization 2 - Department 2    DRAO SSL ADMIN 2      http://payments.website_2.com
                                                      DRAO SMIME ADMIN 5    http://payments.website_2.com
                     Organization 2 - Department 3    DRAO SSL ADMIN 3      http://mail.website_2.com
                                                      DRAO SMIME ADMIN 6    http://mail.website_2.com
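The delegation rules of Example 2, Solution 2 can be checked mechanically when auditing who is able to manage a given certificate. The following Python sketch is an added example, not part of the Comodo guide and not a CCM API; the class, function and variable names are hypothetical, and it assumes the MRAO covers every certificate type.

```python
from dataclasses import dataclass

# Constructed model of Example 2, Solution 2; names are hypothetical, not a CCM API.
@dataclass(frozen=True)
class Admin:
    name: str
    level: str             # "MRAO", "RAO" or "DRAO"
    cert_types: frozenset  # certificate types this admin role covers
    scope: frozenset       # Organization names (RAO) or (org, dept) pairs (DRAO)

HOSTS = ("", "payments.", "mail.")  # Department 1, 2, 3 of each Organization

# domain -> (Organization, Department) it is delegated to
DELEGATION = {
    f"{host}website_{o}.com": (f"Organization {o}", f"Department {d}")
    for o in (1, 2) for d, host in enumerate(HOSTS, start=1)
}

ADMINS = [
    # Assumption: the MRAO covers every certificate type.
    Admin("MRAO", "MRAO", frozenset({"SSL", "SMIME", "Code Signing"}), frozenset()),
    Admin("RAO ADMIN", "RAO", frozenset({"SSL", "SMIME"}),
          frozenset({"Organization 1", "Organization 2"})),
]
for d in (1, 2, 3):
    # Three DRAO SSL Admins: the table reuses each one in both Organizations.
    ADMINS.append(Admin(f"DRAO SSL ADMIN {d}", "DRAO", frozenset({"SSL"}),
                        frozenset((f"Organization {o}", f"Department {d}") for o in (1, 2))))
    # Six DRAO SMIME Admins: one per Department.
    for o in (1, 2):
        ADMINS.append(Admin(f"DRAO SMIME ADMIN {(o - 1) * 3 + d}", "DRAO", frozenset({"SMIME"}),
                            frozenset({(f"Organization {o}", f"Department {d}")})))

def can_manage(admin, cert_type, domain):
    """True if the admin's role type and delegated scope both cover the request."""
    if domain not in DELEGATION or cert_type not in admin.cert_types:
        return False
    org, dept = DELEGATION[domain]
    if admin.level == "MRAO":
        return True
    if admin.level == "RAO":
        return org in admin.scope
    return (org, dept) in admin.scope  # DRAO: own Department(s) only

def managers(cert_type, domain):
    """Names of every admin able to manage this certificate type for the domain."""
    return sorted(a.name for a in ADMINS if can_manage(a, cert_type, domain))

if __name__ == "__main__":
    for domain in DELEGATION:
        print(domain, managers("SSL", domain), managers("SMIME", domain))
```

In this model no DRAO or RAO can manage Code Signing certificates, because the scenario assigns none of them that role; only the MRAO is returned for that type.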