Skip to main content

My root certificates

Use the Settings > My root certificates function to upload the certificates for your own root and intermediate certificate authorities (CAs) into DigiCert​​®​​ Trust Lifecycle Manager. This helps analyze and manage the end-entity certificates issued from these CAs:

  • Evaluate certificate security and chain information more accurately.

  • Categorize and manage end-entity certificates by the issuing CA.

  • Create unique certificate lifecycle notifications per issuing CA.

  • Verify trusted CAs for EST client authentication.

Notice

Any root and intermediate CA certificates that you add are account-scoped to the DigiCert​​®​​ Trust Lifecycle Manager account where you uploaded them.

Private versus public roots

Private CA certificates become active as soon as you upload them.

Public CA certificates are initially set to inactive, pending DigiCert review. Contact Support with questions or for help expediting the approval process.

Add a CA certificate

To upload one of your root or intermediate CA certificates into DigiCert​​®​​ Trust Lifecycle Manager:

  1. From the Trust Lifecycle Manager main menu, select Settings > My root certificates.

  2. Select Add CA certificate.

  3. Select the applicable Trust type for this CA certificate (private or public).

  4. Drag and drop the CA certificate file into the Upload certificate area, or click to select the file from your computer.

  5. Select Add to upload the CA certificate.

Important

The certificate file you upload must be encoded in PEM or DER format and have a file extension of .cer or .der. The maximum file size is 5 MB.

View uploaded CA certificates

The Settings > My root certificates page lists all the existing root and intermediate CA certificates you have uploaded into DigiCert​​®​​ Trust Lifecycle Manager.

Select any CA certificate by name to see the complete details for it.

Manage your CA certificates

From the list of CA certificates on the Settings > My root certificates page you can:

  • Use the download icon to download the certificate file for any of your existing CAs.

  • Use the Delete action to remove any CA certificate from DigiCert​​®​​ Trust Lifecycle Manager, or select multiple CA certificates to delete in bulk.

Warning

Deleting a CA certificate may result in reduced management functionalities and/or less accurate analysis of any end-entity certificates issued from that CA.

In this section: