
Create a client authentication certificate for a service user

An API key is automatically generated when a service user is created. However, you can generate a client authentication certificate instead of using your API key to securely authenticate API requests. Creating a client authentication certificate may be useful for a service user if:

  • You prefer certificate-based authentication for enhanced security.

  • Your organization’s security policies require certificate authentication.

  • You want to avoid exposing API keys in API requests.

Tip

Specify the file path of your installed authentication certificate in the request header.

Before you begin

Consider the following before you begin:

  • The certificate cannot be downloaded again after you generate it. Save it securely.

  • The certificate has an expiration date:

    • The certificate expiry date cannot exceed the service user’s end date. If needed, update the service user’s end date before creating the certificate.

    • The date cannot be updated after the certificate is generated.

    • You must replace the certificate before it expires to avoid API failures.

  • Store the certificate password securely. It is shown only once.

To create a client authentication certificate

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu icon (top-right) and select Account.

  3. In the left navigation menu, select Access > Service users.

    This takes you to the list of service users in your account.

  4. In the Friendly name column, select the service user's friendly name.

    This takes you to the service user details page.

  5. Scroll down to the Authentication certificates section.

  6. Select Create authentication certificates.

  7. On the Generate authentication certificate page, provide the following information:

    1. Nickname

      This is the friendly name shown on the Service user details page. The name must be unique and may only include letters, numbers, spaces, dashes, and underscores.

    2. End date

      Enter an expiry date for the certificate.

    3. Encryption

      Select an encryption algorithm to use for securing communications. DigiCert recommends AES (Advanced Encryption Standard), which is the default selection.

    4. Signature hash algorithm

      Select a hash function to use for verifying data integrity. DigiCert recommends SHA-256, which is the default selection.

  8. Select Generate certificate.

  9. In the Generate authentication certificate popup window, copy the certificate password and store it in a secure location.

    Tip

    This password is required for installation and API requests. You will not be able to retrieve it later.

  10. Select Download certificate and save the file securely.

    Tip

    You cannot download it again. If lost, you must generate a new certificate.

  11. Save the authentication certificate to your computer.

  12. Select Close.

Next steps

  1. Specify the file path of your installed certificate in API request headers.

  2. Keep track of the expiration date and generate a new certificate before it expires.

  3. Ensure the certificate password is correctly configured in the DigiCert ONE API.
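
The expiry tracking and secure storage called for above can be checked from a scheduled job. The following is an added example, not DigiCert code: it assumes the downloaded file is a PKCS#12 (.p12) bundle, that openssl is installed, and that the certificate password is supplied in a hypothetical P12_PASSWORD environment variable; all function names are illustrative.

```bash
# Added example. Assumptions: the downloaded file is a PKCS#12 (.p12) bundle,
# openssl is installed, and the certificate password is exported in the
# hypothetical environment variable P12_PASSWORD (kept out of argv and history).

# Extract the client certificate (no private key) as PEM; fails on a bad password.
p12_cert_pem() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASSWORD 2>/dev/null
}

# Print the certificate's expiry (notAfter) date for logs and reminders.
p12_not_after() {
    p12_cert_pem "$1" | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# Exit status: 0 = valid for at least $2 more days, 1 = expires sooner or has
# already expired, 2 = file unreadable or wrong password.
p12_valid_for_days() {
    local pem
    pem=$(p12_cert_pem "$1") || return 2
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" |
        openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1 || return 1
}

# Exit status: 0 = only the owner can access the file, nonzero otherwise.
p12_perms_ok() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Combined check for a scheduled job; warns 30 days ahead unless $2 is given.
check_client_cert() {
    local p12="$1" days="${2:-30}" rc=0
    p12_perms_ok "$p12" || { echo "WARN: restrict $p12 to its owner (chmod 600)" >&2; return 1; }
    p12_valid_for_days "$p12" "$days" || rc=$?
    case "$rc" in
        0) echo "OK: $p12 valid until $(p12_not_after "$p12")" ;;
        1) echo "WARN: $p12 expires $(p12_not_after "$p12"); generate a new one" >&2; return 1 ;;
        *) echo "ERROR: cannot open $p12 (wrong password or not PKCS#12)" >&2; return 2 ;;
    esac
}
```

Run check_client_cert with the path to the saved certificate, with P12_PASSWORD populated from your secrets store rather than typed on the command line.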
