Add an authentication certificate

Add one or more authentication certificates to an enrollment profile to determine which devices in your environment are trusted and allowed to request certificates using the profile.

Before you begin

  • Device authentication through authentication certificates is supported for the API, BATCH, SCEP, CMPv2, and EST enrollment methods. Portal enrollments, ACME enrollments, and certificate import do not support device authentication through certificates.

  • Make sure your account already includes the authentication CAs and authentication CA templates defined for the authentication certificate you want to add.

  1. In DigiCert ONE, in the Manager menu (top right), select IoT Trust.

  2. In the IoT Trust Manager menu, select Enrollment configurations > Enrollment profiles.

  3. Find and select the enrollment profile that requires device authentication.

    Tip

    If you are creating a new profile that requires device authentication, first create the profile. After you create the profile, return to the enrollment profiles list and select the new profile.

  4. In the right-hand navigation, select Authentication certificates.

  5. Select Add authentication certificate.

  6. Select the authentication CA template for allowed authentication certificates (if there is more than one template for this enrollment profile).

  7. Enter a Friendly name.

  8. Specify the authentication attributes (determined by the selected authentication CA template):

    • Define specific certificate attributes.

    • Upload a certificate with the required attributes.

    • Generate or create a passcode.

  9. (Optional) Define usage restrictions and registered values.

  10. Select Add authentication certificate.

    or

    Select Save and add another.