
Test signing

DigiCert® Software Trust Manager supports both production and test signings. Test signings allow you to sign software during development or test phases using short-lived, private certificates that do not consume more expensive production signings.

Limitations

  • Test keypairs expire after a maximum of 30 days.

  • Test certificates expire after a maximum of 7 days.

Create certificate profile

You require the Manage certificate profile permission to create a certificate profile.

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Certificates > Certificate profiles.

  4. Select Create certificate profile.

  5. Complete the following fields:

    Field | Description
    Name | Enter a name to easily identify this test certificate profile.
    Profile type | Select CA Manager (Private trust).
    Organization | Select your organization.
    Issuing Certificate Authority | Select an Issuing Certificate Authority (ICA).
    Profile category | Select Test.
    Certificate template | Select a certificate template.

  6. Select Create certificate profile.

Note

You will need the certificate profile ID when creating keypairs from the command line (SMCTL). How do I locate the certificate profile ID?

Create test keypair and certificate in UI

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu (top right) > Software Trust.

  3. Select Keypairs.

  4. Select Create keypair.

  5. Complete the following fields:

    Field | Description
    Keypair type | Select Static (keypair will remain the same) or Dynamic (keypair will change every time you complete a signature).
    Keypair alias | Name to uniquely identify this keypair.
    Team | Select a team that should have access to this keypair. Note: You will only see this field if you enable Teams under Account settings.
    Keypair profile | Select a keypair profile. If you have selected a team, you will only see keypair profiles allocated to that team.
    Algorithm | Select RSA, ECDSA, or EdDSA. Note: When you select EdDSA, the key curve is set to Ed25519.
    Key size | Select 2048.
    Keypair category | Select Test.
    Keypair storage | Select Disk.
    Keypair status | Select Online.
    Access | Select Open (can be used by any account user) or Restricted (can only be used by specified users or a member of a specified user group).
    Allowed users | For Restricted keypairs, you can specify which users can use the keypair.
    Allowed user groups | For Restricted keypairs, you can specify one or more groups that are authorized to use the keypair.
    Generate certificate | Check this box to generate a corresponding default certificate for the keypair.

  6. Click Create keypair.

Test keypair and certificate in SMCTL

Same alias

This command creates a keypair and certificate with the same alias.

smctl keypair generate rsa <shared alias> --generate-cert --cert-profile-id <cert_profile_ID> --key-type TEST 

If successful, SMCTL outputs the keypair ID.

 

Different alias

This command creates a keypair and certificate with different aliases.

smctl keypair generate rsa <key alias> --generate-cert --cert-alias <cert alias> --cert-profile-id <cert_profile_ID> --key-type TEST

If successful, SMCTL outputs the keypair ID.

New certificate for existing key

This command creates a new certificate for an existing keypair, which is typically used to generate a new 7-day certificate for an existing 30-day keypair.

smctl keypair generate-cert <keypair ID> --cert-alias <cert_alias> --cert-profile-id <profile ID> 

There are three ways you can identify the keypair ID.
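
The choice between the SMCTL commands above can be scripted in a build job; the following is an added example, not DigiCert's own code, that picks the command to run from the 30-day keypair and 7-day certificate limits. The function names, the one-day margin, and the expiry timestamps you pass in are assumptions, and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not DigiCert code. Function names are hypothetical.
# Expiry times are epoch seconds that you supply (assumption: you record
# them when the keypair and certificate are created).

# plan_action NOW KEY_EXPIRY CERT_EXPIRY [MARGIN_SECONDS]
# Prints new-keypair, new-cert or none.
plan_action() {
  margin=${4:-86400}                  # assumed safety margin: one day
  if [ $(($2 - $1)) -le "$margin" ]; then
    echo new-keypair                  # test keypair (max 30 days) is ending
  elif [ $(($3 - $1)) -le "$margin" ]; then
    echo new-cert                     # key still valid, test cert (max 7 days) is not
  else
    echo none
  fi
}

# plan_command ACTION ALIAS CERT_PROFILE_ID [KEYPAIR_ID]
# Prints the matching smctl command from this page; it does not run it.
plan_command() {
  case $1 in
    new-keypair)
      echo "smctl keypair generate rsa $2 --generate-cert --cert-profile-id $3 --key-type TEST" ;;
    new-cert)
      [ -n "${4:-}" ] || { echo "keypair ID required" >&2; return 2; }
      echo "smctl keypair generate-cert $4 --cert-alias $2 --cert-profile-id $3" ;;
    none) : ;;
    *) echo "unknown action: $1" >&2; return 2 ;;
  esac
}

# Constructed sample: keypair has 20 days left, certificate has 6 hours left.
now=1700000000
action=$(plan_action "$now" $((now + 20 * 86400)) $((now + 6 * 3600)))
plan_command "$action" "<cert_alias>" "<profile ID>" "<keypair ID>"
```

Because the script only prints the command, the output can be reviewed or logged before anything is executed against Software Trust Manager.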