Test signing
DigiCert® Software Trust Manager supports both production and test signings. Test signings allow you to sign software during development or test phases using short-lived, private certificates that do not consume more expensive production signings.
Limitations
Test keypairs expire after a maximum of 30 days.
Test certificates expire after a maximum of 7 days.
Create certificate profile
You require the Manage certificate profile permission to create a certificate profile.
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Certificates > Certificate profiles.
Select Create certificate profile.
Complete the following fields:
Field: Description
Name: Enter a name to easily identify this test certificate profile.
Profile type: Select CA Manager (Private trust).
Organization: Select your organization.
Issuing Certificate Authority: Select an Issuing Certificate Authority (ICA).
Profile category: Select Test.
Certificate template: Select a certificate template.
Select Create certificate profile.
Note: You will need the certificate profile ID when creating keypairs from the command line (SMCTL). How do I locate the certificate profile ID?
Create test keypair and certificate in UI
Sign in to DigiCert ONE.
Navigate to the Manager menu (top right) > Software Trust.
Select Keypairs.
Select Create keypair.
Complete the following fields:
Field: Description
Keypair type: Select Static (keypair will remain the same) or Dynamic (keypair will change every time you complete a signature).
Keypair alias: Name to uniquely identify this keypair.
Team: Select a team that should have access to this keypair. Note: You will only see this field if you enable Teams under Account settings.
Keypair profile: Select a keypair profile. If you have selected a team, you will only see keypair profiles allocated to that team.
Algorithm: Select RSA, ECDSA, or EdDSA. Note: When you select EdDSA, the key curve is set to Ed25519.
Key size: Select 2048.
Keypair category: Select Test.
Keypair storage: Select Disk.
Keypair status: Select Online.
Access: Select Open (can be used by any account user) or Restricted (can only be used by specified users or a member of a specified user group).
Allowed users: For Restricted keypairs, you can specify which users can use the keypair.
Allowed user groups: For Restricted keypairs, you can specify one or more groups that are authorized to use the keypair.
Generate certificate: Check this box to generate a corresponding default certificate for the keypair.
Click Create keypair.
Test keypair and certificate in SMCTL
Same alias
This command creates a keypair and certificate with the same alias.
smctl keypair generate rsa <shared alias> --generate-cert --cert-profile-id <cert_profile_ID> --key-type TEST
If successful, SMCTL outputs the keypair ID.
Different alias
This command creates a keypair and certificate with different aliases.
smctl keypair generate rsa <key alias> --generate-cert --cert-alias <cert alias> --cert-profile-id <cert_profile_ID> --key-type TEST
If successful, SMCTL outputs the keypair ID.
New certificate for existing key
This command creates a new certificate for an existing keypair, which is typically used to generate a new 7-day certificate for an existing 30-day keypair.
smctl keypair generate-cert <keypair ID> --cert-alias <cert_alias> --cert-profile-id <profile ID>
There are three ways you can identify the keypair ID.
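The 30-day keypair limit and 7-day certificate limit decide which of the SMCTL commands above a CI job needs on a given day. The sketch below is an added example, not DigiCert's code: the function names, the one-day renewal margin, the allowed character set and the placeholder IDs are assumptions, and it assumes artifacts were issued with the maximum lifetimes. It only prints the command to run.

```shell
#!/bin/sh
# Added example (not DigiCert code). Limits come from this page; the profile is
# assumed to issue the maximum lifetimes, so lower these if yours are shorter.
KEY_MAX_DAYS=30
CERT_MAX_DAYS=7
DAY=86400

# plan_rotation KEY_CREATED CERT_CREATED NOW [MARGIN_DAYS]   (epoch seconds)
# Prints new-keypair, new-cert or none. The margin renews early so a build
# never starts with an artifact that expires mid-run.
plan_rotation() {
    margin=$(( ${4:-1} * DAY ))
    key_left=$(( $1 + KEY_MAX_DAYS * DAY - $3 ))
    cert_left=$(( $2 + CERT_MAX_DAYS * DAY - $3 ))
    if [ "$key_left" -le "$margin" ]; then
        echo new-keypair    # a new keypair is generated with its own certificate
    elif [ "$cert_left" -le "$margin" ]; then
        echo new-cert       # key still valid: issue a fresh 7-day certificate
    else
        echo none
    fi
}

# rotation_command ACTION ALIAS PROFILE_ID [KEYPAIR_ID]
# Prints (does not run) the matching SMCTL command from this page. Values are
# restricted to a conservative character set (an assumption about ID and alias
# formats) so a CI variable cannot smuggle extra flags or shell syntax.
rotation_command() {
    action=$1; shift
    for arg in "$@"; do
        case $arg in
            ''|-*|*[!A-Za-z0-9_.-]*) echo "unsafe argument: $arg" >&2; return 2 ;;
        esac
    done
    case $action in
        new-keypair) echo "smctl keypair generate rsa $1 --generate-cert --cert-profile-id $2 --key-type TEST" ;;
        new-cert)    [ -n "${3:-}" ] || { echo "keypair ID required" >&2; return 2; }
                     echo "smctl keypair generate-cert $3 --cert-alias $1 --cert-profile-id $2" ;;
        none)        : ;;
        *)           echo "unknown action: $action" >&2; return 2 ;;
    esac
}

# Constructed demo: key created 10 days ago, certificate 6 days ago.
t=$(date +%s)
act=$(plan_rotation $(( t - 10 * DAY )) $(( t - 6 * DAY )) "$t")
rotation_command "$act" ci-test-cert-2 PROFILE_ID_PLACEHOLDER KEYPAIR_ID_PLACEHOLDER
```

Record the creation timestamps when the keypair and certificate are generated, since the planner works from those rather than querying the service.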