Azure Key Vault integration guide

Link your Microsoft Azure Key Vault account to your CertCentral account

Do you have a Microsoft Key Vault account? Using the CertCentral REST API, you can connect it to your CertCentral account, enabling you to order DigiCert SSL/TLS certificates directly from your Key Vault account. Certificates are automatically renewed, making sure lapses in SSL/TLS security don't happen.

The DigiCert CertCentral and Azure Key Vault integration also allows you to store your SSL/TLS certificates and their private keys in your Azure Key Vault account.

Before you begin

Before you start, make sure these prerequisites are met:

  • Azure Key Vault account—your account includes the key vault for storing keys, passwords, etc. (get a Key Vault account)
  • CertCentral account*—your account is specifically set up for linking with your Azure Key Vault account (get your CertCentral account)
  • Administrator level permissions in your accounts

*Already have a CertCentral account? We can help you manage your account for Key Vault integration. Please contact your account manager or our Support team.

Connect your accounts

Step 1: Create API Key

In your CertCentral account, create an API key. You use this key to link your Azure Key Vault account to your CertCentral account.

See Generate an API key.

Step 2: Gather additional information

Along with the API Key, you need two more items from your CertCentral account:

  • Account ID
  • Organization ID

Both IDs are included in the "CertCentral Signup - Azure - Account" email that DigiCert sends to you once we've activated your CertCentral account. You can also access this information from inside your account.

Account ID

In your CertCentral account, in the top right corner, in the “Company Name” dropdown, you'll find your Account ID. Record your account ID for use in your Key Vault account.

Organization ID

  1. In your CertCentral account, in the left main menu, go to Certificates > Organizations.
  2. On the Organizations page, click the organization's link.
  3. On the Organization details page, next to Org ID, you'll find your organization's ID.
  4. Record the organization ID for use in your Key Vault account.

Step 3: Set up account credit payment method in CertCentral

Before you can order DigiCert SSL/TLS certificates from your Azure Key Vault account, you need to set up the account credit payment method in your CertCentral account.

See Set up account credit.

To order SSL/TLS certificates from your Azure Key Vault account, you must use account credit to pay for these certificates. The Azure Key Vault Module doesn't allow for credit cards as a payment method.

We recommend adding a credit card to your account. Having a credit card associated with your account helps you quickly and easily deposit funds for Key Vault certificate orders.

See Add a credit card to your CertCentral account.

Step 4: Order SSL/TLS certificates from your Microsoft Azure Key Vault account

Before you order a DigiCert SSL/TLS certificate from your Key Vault account, make sure account credit is the default payment method for your CertCentral account.

Also, make sure you have this information handy:

  • CertCentral API key
  • CertCentral account ID
  • Organization ID

You need this information to run the PowerShell commands for ordering your DigiCert SSL/TLS certificates.

See Order an SSL/TLS certificate from Key Vault account.
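
The following is an added example, not DigiCert's own commands: it shows how the three values from Step 4 are typically passed to the Az.KeyVault PowerShell module to register DigiCert as a certificate issuer and request a certificate. It assumes the Az.KeyVault module is installed and you have already signed in with Connect-AzAccount; the vault, issuer, certificate and subject names are placeholders, as are the bracketed ID values.

```powershell
# Added example: every value below is a placeholder; substitute your own.
$vaultName  = 'example-vault'                  # placeholder: your Key Vault name
$issuerName = 'DigiCertIssuer'                 # placeholder: name for the issuer object in the vault
$certName   = 'example-com-tls'                # placeholder: certificate name in the vault
$accountId  = '<CertCentral account ID>'       # from Step 2
$orgId      = '<CertCentral organization ID>'  # from Step 2

# Prompt for the API key as a SecureString so it is never written into
# the script file or the shell history in plain text.
$apiKey = Read-Host -Prompt 'CertCentral API key' -AsSecureString

# Register DigiCert as a certificate issuer in the vault, using the
# account ID, organization ID and API key gathered in Steps 1 and 2.
$org = New-AzKeyVaultCertificateOrganizationDetails -Id $orgId
Set-AzKeyVaultCertificateIssuer -VaultName $vaultName -Name $issuerName `
    -IssuerProvider DigiCert -AccountId $accountId -ApiKey $apiKey `
    -OrganizationDetails $org

# Certificate policy: which issuer to use, the subject, the validity
# period, and when Key Vault should renew automatically.
$policy = New-AzKeyVaultCertificatePolicy -IssuerName $issuerName `
    -SubjectName 'CN=www.example.com' `
    -SecretContentType 'application/x-pkcs12' `
    -ValidityInMonths 12 -RenewAtNumberOfDaysBeforeExpiry 30

# Submit the certificate request to the issuer through Key Vault.
Add-AzKeyVaultCertificate -VaultName $vaultName -Name $certName `
    -CertificatePolicy $policy

# Check the state of the pending request.
Get-AzKeyVaultCertificateOperation -VaultName $vaultName -Name $certName
```

Because the API key authorizes certificate orders against your account credit, restrict who can read or change certificate issuers in the vault, and rotate the key in CertCentral if it is ever exposed.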