Skip to main content

Azure Key Vault integration guide

Link your Microsoft Azure Key Vault account to your CertCentral account

Do you have a Microsoft Key Vault account? Using the CertCentral REST API, you can connect it to your CertCentral account. Doing this enables you to order DigiCert SSL/TLS certificates directly from your Key Vault account. Certificates are automatically renewed, making sure lapses in SSL/TLS security don't happen.

The DigiCert CertCentral Azure Key Vault integration also allows you to store your SSL/TLS certificates and their private keys in your Azure Key Vault account.

Before you begin

Before you start, make sure these prerequisites are met:

  • Azure Key Vault account—your account includes the key vault for storing keys, passwords, etc. (get a Key Vault account).

  • CertCentral account*—your account is specifically set up for linking with your Azure Key Vault account (get your CertCentral account).

  • You have administrator level permissions in your accounts.

Notice

*Already have a CertCentral account? We can help you manage your account for Key Vault integration. Contact your account manager or Support.

Connect your accounts

STEP 1: Create API Key

In your CertCentral account, create an API key. You use this key to link your Azure Key Vault account to your CertCentral account. See Generate an API key.

STEP 2: Gather additional information

Along with the API Key, you need two more items from your CertCentral account:

  • Account ID

  • Organization ID

Both IDs are included in the "CertCentral Signup - Azure - Account" email that DigiCert sends you once we've activated your CertCentral account. You can access this information from your account.

Account ID

In your CertCentral account, in the top right corner, in the “Company Name” dropdown, you'll find your Account ID. Record your account ID for use in your Key Vault account.

CertCentral dropdown showing how to locate your account number

Organization ID

  1. In your CertCentral account, in the left main menu, go to Certificates > Organizations.

  2. On the Organizations page, click the organization's link.

  3. On the Organization details page, next to Org ID, you'll find your organization's ID.

  4. Record the organization ID for use in your Key Vault account.

    Sample profile showing Org ID field

STEP 3: Set up account credit payment method in CertCentral

Azure Key Vault requires you to use account credit as the payment method.

To order SSL/TLS certificates from your Azure Key Vault account, you must use account credit to pay for these certificates. The Azure Key Vault Module doesn't support credit cards as a payment method.

See Set up account credit.

Add a credit card to your account to make depositing funds easier.

We recommend adding a credit card to your account. Having a credit card associated with your account helps you quickly and easily deposit funds for Key Vault certificate orders.

See Add a credit card to your CertCentral account.

STEP 4: Order SSL/TLS certificates from your Microsoft Azure Key Vault account

Before you order a DigiCert SSL/TLS certificate from your Key Vault account, make sure account credit is the default payment method for your CertCentral account.

Also, make sure you have this information handy:

  • CertCentral API key

  • CertCentral account ID

  • Organization ID

You need this information to run the PowerShell commands for ordering your DigiCert SSL/TLS Certificates.

See Order an SSL/TLS certificate from Key Vault account.