Certificate profiles

Certificate profiles are mandatory and simplify certificate generation by preconfiguring values for all certificate options in DigiCert® Software Trust Manager. To implement certificate profile controls for groups of users, review our Teams feature.

Create a certificate profile

You require the Manage certificate profile permission to create a certificate profile.

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Certificates > Certificate profiles.

  4. Select Create certificate profile.

Complete these fields:

| Field | Description |
| --- | --- |
| Certificate profile alias | Select a name to uniquely identify this certificate profile. |
| Enrollment method | Select CertCentral for public trust or CA Manager for private trust. |
| Auto-renew | Select Yes if you want all certificates created using this certificate profile to automatically renew before they expire. Select No if you do not want any certificates created using this certificate profile to auto-renew. Select Choose during certificate generation if you are unsure or want the option to choose whether or not you want the certificate to auto-renew when you create a certificate using this certificate profile. |
| Organization ID | For public trust, select the organization ID from CertCentral associated with the organization name you need listed on all certificates created using this profile. |
| Issuing certificate authority | For private trust, select one of your private ICAs in DigiCert ONE CA Manager. |
| Signature hash | For public trust, the signature is SHA256. |
| Skip approval | For public trust, select Yes to issue the certificate immediately or No to require an admin to approve the certificate in the CertCentral portal. |
| Validity | For public trust, specify if the certificate should be valid for a specified number of days, 1 year, 2 years, or 3 years. |
| Certificate type | For public trust, select Code Signing or EV Code Signing. |
| Organizational unit | For public trust, this is an optional field where you can add a team, division, or department name that helps you manage the certificate. |
| Organization | For private trust, select the organization name that should be listed on all certificates created using this profile. |
| Profile category | Select Production or Test. Note: Test certificates expire after a maximum of 30 days. |
| Certificate template | For private trust, select a certificate template in your Software Trust Manager account. |

Once these fields are completed, some optional fields will become available:

| Field | Description |
| --- | --- |
| Signature algorithm | Choose the signature algorithm of the identity certificate. You can choose "match_issuer," meaning it will match the algorithm of the issuing CA, or you can choose a specific algorithm. |
| Organization unit | Enter an organization unit to be displayed in your certificate details. |
| Validity duration unit | Can be days or years. This can be limited based on the template you use. |
| Validity duration value | The number of duration units the certificates created using this profile will be valid. For example, if you enter "days" for Validity duration unit and enter "7" for Validity duration value, certificates using this profile will be valid for 7 days. Again, this can be limited based on the template you use. |
| Key usages: additional usages for RSA | Choose whether certificates using this profile can be used for digital signature, non-repudiation, or key encipherment. |
| Key usages: additional usages for ECDSA | Choose whether certificates using this profile can be used for digital signature or non-repudiation. |
| Key usages: additional usages | Choose whether certificates using this profile can be used for code signing or client authentication. |

Note

You can also set default values for these fields, which will determine the automatic settings for a certificate that uses the profile you create.
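
As an added example (not DigiCert code and not an API client), the following check lints a drafted profile against the field rules in the two tables above before it is entered in the UI. The dictionary keys and sample values are hypothetical, and a year is assumed to be 365 days.

```python
# Added example: lint a drafted certificate profile against the field tables above.
# Dictionary keys are hypothetical names for this sketch, not DigiCert API fields.
PUBLIC_ONLY = {"organization_id", "signature_hash", "skip_approval",
               "validity", "certificate_type", "organizational_unit"}
PRIVATE_ONLY = {"issuing_ca", "organization", "certificate_template"}
ALLOWED = {
    "auto_renew": {"Yes", "No", "Choose during certificate generation"},
    "profile_category": {"Production", "Test"},
    "rsa_key_usages": {"digital signature", "non-repudiation", "key encipherment"},
    "ecdsa_key_usages": {"digital signature", "non-repudiation"},
    "additional_key_usages": {"code signing", "client authentication"},
}
DAYS_PER_UNIT = {"days": 1, "years": 365}  # assumption: a year counted as 365 days


def lint_profile(p):
    """Return a list of findings; an empty list means the draft is consistent."""
    findings = []
    method = p.get("enrollment_method")
    if method == "CertCentral":      # public trust
        wrong = PRIVATE_ONLY
        if p.get("signature_hash", "SHA256") != "SHA256":
            findings.append("signature_hash: public trust uses SHA256")
        if p.get("certificate_type") not in {"Code Signing", "EV Code Signing"}:
            findings.append("certificate_type: must be Code Signing or EV Code Signing")
    elif method == "CA Manager":     # private trust
        wrong = PUBLIC_ONLY
    else:
        return ["enrollment_method: must be CertCentral or CA Manager"]
    findings += [f"{k}: not a {method} field" for k in sorted(wrong & set(p))]
    for field, allowed in ALLOWED.items():
        value = p.get(field)
        values = set(value) if isinstance(value, (list, set, tuple)) else {value}
        bad = values - allowed - {None}
        if bad:
            findings.append(f"{field}: unsupported value(s) {sorted(bad)}")
    unit, count = p.get("validity_duration_unit"), p.get("validity_duration_value")
    if p.get("profile_category") == "Test" and unit in DAYS_PER_UNIT and count:
        if count * DAYS_PER_UNIT[unit] > 30:
            findings.append("validity: Test certificates expire after a maximum of 30 days")
    return findings


# Constructed sample draft: a private-trust Test profile with two mistakes.
DRAFT_TEST = {"enrollment_method": "CA Manager", "issuing_ca": "example-ica",
              "organization": "Example Org", "certificate_template": "example-template",
              "profile_category": "Test", "auto_renew": "No",
              "validity_duration_unit": "days", "validity_duration_value": 90,
              "ecdsa_key_usages": ["digital signature", "key encipherment"]}
```

Calling `lint_profile(DRAFT_TEST)` reports the ECDSA key usage that the table does not offer and the validity that exceeds the 30-day limit for Test certificates.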

Identify a certificate profile ID

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Certificates > Certificate profiles.

  4. Click the certificate profile alias that you want to use to generate the certificate.

  5. Identify the Certificate profile ID field.

Enable auto-renewal

This feature helps you manage your certificates by letting the system automatically renew a certificate before the current one expires. This feature was recently added, which means that you may have existing certificate profiles that do not have auto-renewal enabled.

To enable auto-renewal on an existing certificate profile:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Certificates > Certificate profiles.

  4. Click the certificate profile alias.

  5. Click the edit icon.

  6. Complete these fields:

| Field | Description |
| --- | --- |
| Auto-renew | Select Yes if you want all certificates created using this certificate profile to automatically renew before they expire. Select No if you do not want any certificates created using this certificate profile to auto-renew. Select Choose during certificate generation if you are unsure or want the option to choose when you create a certificate using this certificate profile. |
| Auto-renew scope | Select Apply to new certificates only if you only want the auto-renewal settings you have selected to apply to future certificates. Select Apply to new and existing certificates if you want the auto-renewal settings you have selected to apply to future certificates and all certificates you have already created using this certificate profile. |