Skip to main content

KeyLocker lead

CertCentral master administrators automatically become the KeyLocker lead. The KeyLocker lead role is usually assigned to an account lead who manages assets, users, and is able to sign with the key stored in DigiCert​​®​​ KeyLocker.

Permissions

The DigiCert​​®​​ KeyLocker lead role has the following permissions assigned:

Category

Permission

User can

User settings

Default

View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.

Manage user

  • View details for all users, accounts, and organizations.

  • Modify, add, or remove users.

  • Generate the API key and client authentication certificate for service users because they do not have access to DigiCert​​®​​ KeyLocker.

Account settings

Manage CertCentral API key

Delete, disable, enable, setup, update and validate a CertCentral API key.

Certificates

View certificate

View certificate details for all certificates assigned to them.

Note

Users with Manage keypair permission can view all certificates within the account.

Revoke certificate

Revoke certificates associated with keypairs that they are assigned to.

Note

Users with Manage keypair permission can revoke certificates associated to any keypair within the account.

Keypairs

View keypair

View keypair details in the account.

Manage keypair

Update the keypair alias.

Signatures

Sign

Sign software with keypairs assigned to them.