Free Trial
Contact Us

Knowledge Base

Knowledge BaseSCM Help docs

What Are the Password Policies in Sectigo Certificate Manager?

Updated on January 2, 2026

Overview of Password Policies 

Password policies in Sectigo Certificate Manager (SCM) define the security requirements for passwords used across the platform. They ensure administrators and organizations enforce strong, consistent password rules for both login and certificaterelated operations. 

There are two main types of password policies: 

  1. Administrator Password Policies 

  • Apply to passwords used by Standard and API administrators when signing in. 

  • Only one policy exists for each administrator group: Default, MRAO Admins, RAO/DRAO Admins. 

  • The Default policy always exists and may be modified. 

  • MRAO and RAO/DRAO policies override the Default policy. 

  1. Organizational Password Policies 

  • Can be created and assigned to specific organizations or departments. 

  • Apply to certificaterelated passwords such as PKCS#12 file passwords and enrollment form password fields. 

Password policies are managed under: 
Settings → Password Policies. 

1. Password Policies Page Details 

Table Columns 

  • Name: The name of the password policy. 

  • Type: Default, MRAO Admins, RAO/DRAO Admins, or Organizational. 

  • Organization Assignment: Displays which organizations or departments inherit the policy. 

Table Controls 

  • Filter: Sort or filter policies. 

  • Refresh: Reloads the list of policies. 

  • Manage Columns: Allows visibility control of table columns. 

Admin Controls 

  • Add: Create a new policy. 

  • Edit: Modify an existing policy. 

  • Delete: Remove a policy. 

  • Delegate: Assign a policy to specific organizations or departments. 

2. Adding a Password Policy 

  1. Navigate to Settings → Password Policies. 

  1. Click the Add button. 

  1. Select the policy type (MRAO Admins, RAO/DRAO Admins, or Organization/Department).  

  • Note: Only one MRAO password policy can exist. 

  1. Optional: Enable “Force password change on next login” for accounts with passwords that no longer meet requirements. 

  1. Complete the following fields:  

  • Password Expires: How long the password is valid before requiring change. 

  • Password History Length: Number of unique passwords required before reuse is allowed. 

  • Minimum Password Length: Minimum number of characters. 

  • Uppercase Characters Required: Whether at least one uppercase letter is required. 

  • Lowercase Characters Required: Whether at least one lowercase letter is required. 

  • Digits Required: Whether at least one number is required. 

  • Special Characters Required: Whether at least one special character is required. 

  • Maximum Sequence of Repeating Characters: Maximum allowed repeated characters in a row; use 0 to disable this restriction. 

  • Verify Password Not Pwned: Enables checking the password against the HaveIBeenPwned compromised password list. 

  1. Click Save. 

3. Editing a Password Policy 

  1. Navigate to Settings → Password Policies. 

  1. Select the policy you want to edit. 

  1. Click Edit. 

  1. Update any fields as required, including optional forced password reset. 

  1. Click Save. 

4. Delegating a Password Policy 

  1. Navigate to Settings → Password Policies. 

  1. Select the policy you want to delegate. 

  1. Click Delegate. 

  1. Choose one of the following:  

  • General: Applies to all organizations. 

  • Customized: Allows manual selection of organizations and departments. 

  1. Click Save. 

5. Deleting a Password Policy 

  1. Navigate to Settings → Password Policies. 

  1. Select the policy. 

  1. Click Delete. 

  1. Confirm the deletion. 

6. Best Practices 

  • Use stronger policies (longer length, mixed character requirements) for administrative accounts. 

  • Assign organizational password policies carefully to departments handling sensitive certificates (for example, PKCS#12 issuance). 

  • Regularly review password policies to ensure compliance with evolving security standards. 

  • Enable “Verify Password Not Pwned” whenever possible. 

  • Avoid overly restrictive configurations that may lead to frequent support requests while still maintaining strong security. 

 

 

Related Articles:  

Tags: 

Need help?

Need help making a purchase? Contact us today to get your certificate issued right away.

Live chat

Click the button below or click "Chat with an Expert" to start chatting with us now!

Start Chat

Call us today

United States
+1 888 266 6361
France
+33 3 66 72 95 95
Italy
+39 02 4792 1708
Spain
+34 900 838 451
Germany
+49 800 1002328
International
+1 914 732 844

Resources