Create a certificate management policy for bootstrap certificates
Before you begin
To complete these steps, ensure you:
Sign in to DigiCert® ONE as a Solution Administrator.
In DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.
In the Device Trust Manager menu, select Certificate management > Certificate management policies.
Select Create certificate management policy.
On the General certificate management policy settings page:
Enter a Name for the bootstrap certificate policy.
Select the Division you created.
Select the required certificate management model.
Under Certificate management methods, select Single certificate request through portal and REST API and register a single device.
Select an Authentication policy from the dropdown menu (optional).
Click Next.
On the Certificate settings page:
Select either an End entity certificate profile or an intermediate certificate profile from the dropdown menu.
Select an Issuing CA from the dropdown menu.
Select Server-side keypair generation from the Keypair generation settings section.
DigiCert® generates the keypair for certificate issuance. When you select this option, specify the default key type and size, such as RSA 2048 or P-256.
(Optional) If required, select the Allow the request to select the key and key size at the time of their certificate request checkbox.
(Optional) If required, select the Allow the requestor to select local or server-side keypair generation at the time of their certificate request checkbox.
Click Next.
On the Certificate management method settings page:
Expand the Single certificate request through portal and API section.
Note: Your selected certificate management methods must align with the settings in the certificate profiles. If there are no certificate profiles that support the selected protocols, you will not be able to create a certificate management policy.
Follow the on-screen instructions and select the required fields.
Click Finish to create a certificate management policy for bootstrap certificates.