...
The SCM lets you create Departments under Organizations. Just like the Organization name is what goes into the O= of a certificate, the Department name is what goes into the OU= of a certificate. You can use Departments in two ways:
- Just as a tool to sort certificates
and get the correct OU= set, but it will still be the Organization's admins doing the approval. - To delegate approval of certificates to department admins for their department. In most(?) cases that would be combined with registering a subdomain (or a completely different domain) and restrict the department to that.
Since the summer of 2022, OU is no longer present in the certificates due to decisions within the CA/B forum.
MRAO, RAO, DRAO!
There are three levels of admins in the SCM, all called something with RAO (Registration Authority Officer) in the name:
...