Skip to main content

Common workflows

Here's a quick look at the most common workflows in DigiCert® Private CA.

Manage root and intermediate CA certificates

Managing the CA certificates associated with your private CA:

  • For root CA, select Roots under Manage CAs in the left main menu.

  • For intermediate CAs, select Intermediates under Manage CAs in the left main menu.

Adding new CA certificates:

Downloading and exporting CA certificates:

Importing externally-generated root CA and intermediate CA certificates:

Recertifying CA certificates:

Revoking CA certificates:

Manage accounts

If you're using a DigiCert-hosted private CA, you can see the details of your accounts and the CAs linked to them in DigiCert® Private CA

To view the accounts:

  • Sign in to DigiCert Private CA.

  • Select Accounts in the left main menu.

This is not applicable to self-hosted setups of DigiCert Private CA.

Manage default configurations

Default configurations in DigiCert® Private CA can define the global configuration for your DigiCert ONE OCSP, CRL, Authority Information Access (AIA), and common elements that are applied to a root CA, ICA or end-entity during creation. You do not need to configure these elements manually every time you create a certificate. These defaults can be overridden at certificate creation.

To view your default configurations:

  • For OCSPs, select Defaults > OCSP in the left main menu.

  • For CRLs, select Defaults > CRL in the left main menu.

  • For AIA issuer, select Defaults > AIA Issuers in the left main menu.

  • For certificate policies, select Defaults > Certificate Policies in the left main menu.

Manage CRLs

To view, create, or modify your certificate revocation list (CRL) files:

  • Select CRLs in the left main menu.

    Do not confuse this for the CRL option under Defaults.

With DigiCert® Private CA, you can simplify certificate revocation management through automated CRL generation, signing, and distribution.

The service supports both full and delta CRLs, offers flexible scheduling, and integrates securely with HSMs for dependable operations.

Monitoring, alerts, and audit logs help you stay compliant, while redundancy and optimization ensure CRLs remain lightweight, highly available, and always current for seamless validation.

Manage OCSP responders

OCSP responders are a way to check the validity and revocation status of certificates in real-time.

To set up the OCSP responders for a DigiCert-hosted environment:

  1. From the main menu in DigiCert Private CA, select OCSP.

  2. Select Create responder or Import responder to add a new OCSP responder for your private CA.

To set up the OCSP responders for a self-hosted environment, see Set up OCSP responder.

Manage trusted domains

To view and manage the approved domains for your OCSPs, CRLs, and AIA issuers:

  • Select Domains in the left main menu.

    You can view, edit, and disable or enable your existing domains and also add new domains here.

In this section: