DigiCert On-prem CA
Add a DigiCert On-prem CA connector to use DigiCert® Trust Lifecycle Manager to issue, import, and revoke private certificates from a DigiCert On-premises Private CA server.
Before you begin
On-prem CA prerequisites
DigiCert On-premises Private CA server installed and configured on your network. To learn more, see DigiCert® Private CA.
You need the URL used to access and issue certificates from the DigiCert On-prem CA.
You need an API key for your On-prem CA account for a user with the Issuer role.
Trust Lifecycle Manager prerequisites
The DigiCert On-prem CA feature must be enabled for your account. Contact your DigiCert account representative to verify or enable this feature.
You need an active DigiCert sensor on your network that can connect to the URL for the DigiCert On-prem CA. To learn more, see Deploy and manage sensors.
Add On-prem CA connector
From the Trust Lifecycle Manager main menu, select Integrations > Connectors.
Select the Add connector button.
In the Certificate authorities section, select the option for DigiCert On-prem CA.
Complete the form as described in the following steps.
Configure general properties in the top section of the form:
Name: Assign a friendly name to this connector.
Business unit: Select a business unit for this connector. Only users assigned to this business unit can manage the connector.
Managing sensor: Select the DigiCert sensor that will manage this connector.
In the Link account section, enter the access details for your On-prem CA server:
On-prem URL: The complete URL used to access and issue certificates from the On-prem CA.
API key: The API key of your On-prem CA account.
Note
The API key must be associated with a user assigned the Issuer role.
Fill out the Import attributes section if you want to import existing certificates from the DigiCert On-prem CA connector.
Import certificates from this connector: Select whether to import certificates or not. If importing, select options for which certificates to import.
Fill out the Import certificates section if you want to import all valid certificates, certificates that are about to expire within the selected number of days, or revoked certificates that have not expired.
Business unit (optional): Assign a business unit to imported certificates. Only users assigned to this business unit can manage the imported certificates.
Tags (optional): Assign tags to the imported certificates to help filter and manage them in Trust Lifecycle Manager.
Import frequency: If importing certificates, select scheduling options for ongoing import operations. Enter a value and select units (minutes, hours, or weeks) for how often to check for new certificates to import from the linked On-prem CA account.
Select Add to create the On-prem CA connector with the configured settings.
Issue certificates
Available base templates
Use one of the following base templates to create certificate profiles in Trust Lifecycle Manager for issuing certificates from a connected On-prem CA server.
Template name | Seat type | Enrollment methods |
---|---|---|
| DigiCert sensor | |
| mTLS over ACME |
Create profiles
Create each On-prem CA certificate profile from one of the above templates. Complete the profile creation wizard based on your unique business needs and how you plan to deploy the On-prem CA certificates. Key profile settings for On-prem CA include:
CA service: Select DigiCert On-prem CA, then select the On-prem CA connector to use from the dropdown.
Issuing CA: Select the name of the DigiCert On-premises Private CA to issue certificates from.
Enrollment method: Select either DigiCert sensor or mTLS over ACME, depending on which base template you started with.
What's next
Monitor and manage certificates from your Inventory page in Trust Lifecycle Manager.
Go to the Integrations > Connectors page to view, check status, or manage a connector.
Select one of the View actions for a connector to load a pre-filtered inventory list of digital trust assets associated with it.