DigiCert gateway
DigiCert gateway is a lightweight, on-premises proxy service that enables secure and controlled certificate enrollment for devices operating behind firewalls or in isolated networks.
DigiCert gateway is easy to configure, secure by design, and built for high-throughput device traffic.
What is a DigiCert gateway
It’s a Java-based service that you can deploy:
As a standalone application, either on a physical or a virtual server.
In a containerized environment (for example, Kubernetes).
DigiCert gateway acts as a trusted intermediary between internal devices and DigiCert® Device Trust Manager, performing the following functions:
Accepts incoming certificate requests over supported protocols.
Authenticates and forwards requests to DigiCert cloud services.
Relays issued certificates or error responses back to the requesting device.
Why is DigiCert gateway needed?
Many IoT and embedded devices run in secure environments where firewalls block direct internet access. Despite this, they must still request, receive, and renew certificates to authenticate and maintain trusted communication.
Traditional proxy solutions often require custom client software on each device. In many IoT environments this isn't practical, because of strict security settings or limited system resources.
DigiCert gateway solves this problem by providing a secure, protocol-aware proxy service that doesn’t require any client changes on the device. Devices interact with DigiCert gateway using standard certificate management protocols, such as:
Enrollment over Secure Transport (EST): Facilitates secure certificate enrollment by encrypting the transport layer, ensuring that all communications remain confidential and tamper-proof.
Simple Certificate Enrollment Protocol (SCEP): Enables devices to enroll for certificates securely, supporting widespread adoption in environments with varied technological capabilities.
Certificate Management Protocol version 2 (CMPv2): Allows devices to perform certificate-related operations such as registration, renewal, and revocation through a secure protocol.
Automatic Certificate Management Environment (ACME): Automates the process of obtaining, renewing, and managing SSL/TLS certificates.
Device Trust Manager REST API: Provides REST API endpoints that allow for requesting and renewing certificates.
DigiCert gateway transparently forwards requests to DigiCert Device Trust Manager and relays the responses, so that from the device's point of view it is communicating directly with the certificate service.
Why is DigiCert gateway beneficial?
DigiCert gateway offers many advantages:
No changes needed on the device: The device uses standard protocols and interacts with the DigiCert gateway just as it would with a public CA.
Preserves security boundaries: Organizations can keep devices within their protected networks and only allow outbound traffic from the DigiCert gateway to DigiCert cloud services.
Improves scalability: Centralizes and simplifies secure certificate communication for devices behind a firewall.
This makes DigiCert gateway ideal for industries with strict network segmentation policies, such as medical devices, industrial control systems, automotive, and energy infrastructure.
How does DigiCert gateway manage the certificate lifecycle?
By acting as the protocol-aware bridge between device networks and DigiCert's certificate services, DigiCert gateway simplifies deployment while preserving critical security boundaries.
Device (inside firewall)
    |
    |--- SCEP/EST/CMPv2/ACME/REST request --->
    |
DigiCert gateway (on-prem)
    |
    |--- Secure API call --->
    |
DigiCert Device Trust Manager (cloud)
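The two hops in the diagram above, modelled as an added Python example (not DigiCert's gateway code): the gateway checks the EST simpleenroll envelope sent by an unmodified device before forwarding it, then relays the upstream answer back in the form an EST client expects. The upstream URL, the gateway credential and the shape of the upstream call are assumptions; the CSR bytes used in the checks are constructed, not a real request.

```python
import base64
import binascii

# Constructed model of the device -> gateway -> cloud hop (not DigiCert's code).
EST_ENROLL_PATHS = {"/.well-known/est/simpleenroll", "/.well-known/est/simplereenroll"}
UPSTREAM_URL = "https://upstream.example.invalid/est"  # placeholder, assumed shape
GATEWAY_TOKEN = "GATEWAY-CREDENTIAL-PLACEHOLDER"       # the gateway's own upstream credential

def der_total_length(der):
    """Bytes occupied by the outer DER element (tag + length + content), or -1."""
    if len(der) < 2:
        return -1
    first = der[1]
    if first < 0x80:                 # short-form length
        return 2 + first
    n = first & 0x7F                 # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return -1
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def validate_est_request(path, headers, body):
    """Return (ok, reason, der_csr); ok is False when the gateway rejects locally."""
    if path not in EST_ENROLL_PATHS:
        return False, "unsupported EST path", None
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != "application/pkcs10":
        return False, "Content-Type must be application/pkcs10", None
    try:  # EST bodies are line-wrapped base64: drop whitespace, then decode strictly
        der = base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error:
        return False, "body is not valid base64", None
    # A PKCS#10 request is a DER SEQUENCE (0x30) whose declared length must match
    # the bytes received, so truncated or padded bodies never reach the cloud service.
    if not der or der[0] != 0x30 or der_total_length(der) != len(der):
        return False, "body is not a well-formed DER SEQUENCE", None
    return True, "ok", der

def build_upstream_request(der_csr):
    """The gateway's own authenticated call to the certificate service (assumed shape)."""
    return {"method": "POST", "url": UPSTREAM_URL, "body": der_csr,
            "headers": {"Authorization": "Bearer " + GATEWAY_TOKEN,
                        "Content-Type": "application/pkcs10"}}

def relay_response(upstream_status, upstream_body):
    """Map the upstream answer back to what the EST client expects (RFC 7030 4.2.3)."""
    if upstream_status == 200:       # success: base64 certs-only PKCS#7
        headers = {"Content-Type": "application/pkcs7-mime; smime-type=certs-only",
                   "Content-Transfer-Encoding": "base64"}
        return 200, headers, base64.b64encode(upstream_body).decode()
    return upstream_status, {"Content-Type": "text/plain"}, upstream_body.decode(errors="replace")
```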