Skip to main content

Edit enrollment profile

When you edit an enrollment profile, you can only update a few of the fields. To update the enrollment profile mappings, see Edit enrollment profile device field mappings.

  1. In DigiCert ONE®, in the Manager menu (top right), select DigiCert​​®​​ IoT Trust Manager.

  2. In the DigiCert​​®​​ IoT Trust Manager menu, select Enrollment configuration > Enrollment profiles.

  3. On the Enrollment profiles page, locate the profile and select ellipses > Edit.

  4. On the Edit enrollment page, update the Enrollment profile name.

    Remember, this name is how you identify the profile on the Enrollment profile page and on forms that require an enrollment profile, such as the Certificate request form.

  5. In the Device profile dropdown, select a different device profile if needed.

  6. In the Certificate profile dropdown, select a different certificate profile if needed.

  7. In the ICA dropdown, select a different issuing certificate authority (CA) certificate (intermediate or root) if needed.

  8. Manage enrollment profile usage limits

    Select Manage limits and update the enrollment profile limitations as needed.

    1. Limit by IP addresses

      Option 1: Restrict IP address access to enrollment profile

      1. Select Unlimited; this moves the toggle to Limited.

      2. Select Add IP address.

      3. In the IP address field, enter an IP address.

      4. Repeat the process for each additional IP address.

      Option 2: Allow all IP addresses access to the enrollment profile

      1. Select Limited; this moves the toggle to Unlimited.

        When you set the IP addresses to unlimited, all previously entered "allowed" IP addresses are removed.

      2. In the Limitation popup window, select Agree.

    2. Limit by time

      Option 1: Limit operational hour access to enrollment profile

      1. Select Unlimited; this moves the toggle to Limited.

      2. Use the Time zone dropdown to select the time zone for the operating hours' restriction.

      3. To set start and end times for operational hour access to the enrollment profile, in the Allowed hours from and Allowed hours to fields, select the clock icons.

        The clock is a 24-hour clock. Set start and end times in hours, minutes, and seconds.

      Option 2: Allow 24-hour access to enrollment profile

      • Select Limited; this moves the toggle to Unlimited.

    3. Limit by date

      Option 1: Limit operational date access to enrollment profile

      1. Above Start date, select Unlimited; this moves the toggle to Limited.

      2. To set the start date for operational date access to the enrollment profile, in the Start date field, select the calendar icon.

        If you don't want to set a beginning date, leave the Start date field blank. You can also select Limited; this moves the toggle to Unlimited.

      3. To set the end date for operational date access to the enrollment profile, in the End date field, select the calendar icon.

        If you don't want to set the ending date, leave the Valid to field blank. You can also select Limited; this moves the toggle to Unlimited.

      Option 2: Allow unlimited operational date access to enrollment profile

      1. Above Start date, select Limited; this moves the toggle to Unlimited.

      2. Above End date, select Limited; this moves the toggle to Unlimited.

  9. Manage key generation for batch certificate requests

    This section only appears if the enrollment profile supports batch certificate requests.

    Select Manage key generation and update the enrollment profile limitations as needed.

    Under "Who generates the keypairs for the certificate requests?", select one of the following options and provide additional information as needed:

    1. I will generate the keypairs and provide CSRs or public keys

      When you request batch certificates, you must generate the keypairs and include the CSRs or public keys with the request.

    2. DigiCert ONE generates the keypairs and returns encrypted certificates and private keys

      When you request batch certificates, DigiCert ONE generates the keypairs.

      For batch certificate requests where DigiCert ONE generates the keypairs, the requestor must have an authentication certificate. We use the requestor's authentication certificate to encrypt the keypairs and certificates.

      1. Set the default value for the DigiCert ONE generated keypair

        In the Default value when DigiCert ONE generates the keys dropdown, select the default value for the keypair.

      2. Allow user to change

        Check this box to allow the batch certificate requestor to change the keypair value.

    3. Enroller chooses local, or DigiCert ONE generates the keys

      The batch certificate requestor can decide if they will generate the keypairs and provide the CSRs or public key with the request, or if DigiCert ONE will generate the keypairs.

      For batch certificate requests where DigiCert ONE generates the keypairs, the requestor must have an authentication certificate. We use the requestor's authentication certificate to encrypt the keypairs and certificates.

  10. When ready, select Update.

In diesem Abschnitt: