Quick start

To start using DigiCert® Private CA you need to take the following steps:

Your account could be part of your DigiCert® ONE package or a standalone implementation. In all cases, work with your DigiCert account representative to get your account activated.

It's easier to get things up and running on a DigiCert-hosted environment as your DigiCert representative takes care of most of the work. However, the self-hosted setup is also a small and fast installation.

For DigiCert-hosted environments

Work with your DigiCert representative to:

  • Activate your account

  • Obtain the default sign-in credentials

Your DigiCert representative can modify CA-specific configuration, add domains, and create additional roots and intermediate CA certificates for you as needed. As your needs change, they work with you to make sure your private CA always meets your requirements.

For self-hosted environments

Work with your DigiCert representative to:

Once you’ve signed in, finish the initial setup and configuration of your private CA:

  1. Change your password if you signed in using a default password provided by DigiCert.

  2. Review or add your admin users and API service users. For a DigiCert-hosted environment, contact your DigiCert representative to add the users. For a self-hosted environment, you have to add the users yourself.

    Learn more about managing users.

  3. Add and configure your Hardware Security Modules (HSM) and their partitions.

  4. Configure your certificate validation policies. This includes:

  5. Set defaults for your CRL, OCSP, AIA, and Certificate Policies.

You can create your root and intermediate CA from scratch or import them from another system. For more details, see:

You can connect your private CA to a certificate lifecycle management service to centralize certificate visibility, automate lifecycle operations, and enforce certificate policies.

DigiCert® Trust Lifecycle Manager can add these capabilities to both DigiCert-hosted and self-hosted environments.

DigiCert-hosted environments can connect to Trust Lifecycle Manager through their DigiCert® ONE account.

Self-hosted environments can connect to Trust Lifecycle Manager through a connector. Learn how to set up the connector.

For connecting to third-party certificate management services, refer to the documentation provided by their vendors.

You can enroll, issue, and manage end-entity certificates using your private CAs through the DigiCert APIs.

APIs for DigiCert-hosted environments

See the API documentation at DigiCert ONE CA Manager REST APIs.

APIs for self-hosted environments

Find your API documentation at https://<your domain>/certificate-authority/swagger/

You can also access this documentation by selecting Help > CA APIs in DigiCert Private CA.

Important

When calling the API operations, make sure {server} is the host server for your self-hosted DigiCert Private CA.