Skip to main content

Create your API token authentication certificate

Authentication certificates have the same permissions and scope as the administrator who creates them.

To create API token authentication certificates, an administrator needs the Account Manager > View user permission. See DigiCert ONE access.

  1. Sign in to DigiCert ONE.

  2. In the top-right corner, select the profile icon > Admin Profile.

  3. On the Admin page, in the Authentication certificates section, select Create authentication certificate.

  4. On the Generate authentication certificate page, provide the following information:

    1. Nickname

      This name is the display name on the Admin details page in the Authentication certificates section. The name must be unique and only include letters, numbers, spaces, dashes, and underscores.

    2. End date

      Enter the certificate expiration date. Make sure that the certificate expiration date does not expire after the API token expiration date.

      If the API token end date does not fit your use case, update or remove the API token end date first. Then come back and generate the authentication certificate.

      Makes sure to note when the authentication certificate expires. You must generate a new certificate and update all API integrations using the certificate before it expires. If you don't, the API token integrations will stop working.

    3. Encryption

      Select an encryption algorithm to use for securing communications. DigiCert recommends AES (Advanced Encryption Standard), which is the default selection.

    4. Signature hash algorithm

      Select a hash function to use for verifying data integrity. DigiCert recommends SHA-256, which is the default selection.

  5. When ready, select Generate certificate.

    After you generate the authentication certificate, you cannot change the end date. To get a new end date, you must generate a new authentication certificate.

  6. In the Generate authentication certificate popup window, copy the certificate's password that protects the certificate and save it in a secure location. You will need to use it later when installing the certificate or using it in your certificate request.

    For example, if using a web API client, such as postman, you must include the location where your certificate is hosted and the certificate's password.

    The certificate's password is only displayed only once. You cannot access it after you select Download certificate. If you ever lose the password, you'll need to generate a new authentication certificate.

  7. After you save the authentication certificate's password, select Download certificate.

  8. Save the authentication certificate to your computer.

    You cannot download the certificate again. If you don't download the certificate or lose it, you'll need to generate a new authentication certificate.

  9. When ready, select Close.

What's next

You can now use the authentication certificate in your request to authenticate to the DigiCert ONE APIs.