Generate a certificate using a PQC keypair

You can generate a certificate using a post-quantum cryptography (PQC) keypair for code signing in DigiCert® Software Trust Manager. PQC algorithms are designed to resist attacks from quantum computers and help protect code signing workflows against future risks.

Before you begin

Before you begin, make sure you have:

A Software Trust Manager account
PQC algorithms enabled on your account
A PQC keypair
A certificate profile that uses PQC algorithm
View keypair and Generate certificate permissions, or Lead, Team lead, or Developer user role

Generate a certificate using a PQC keypair

You can generate a certificate from Software Trust Manager or SMCTL.

Example 1. Software Trust Manager

In the Managers (grid icon) menu, select Software Trust.
Go to Keypairs > Keypairs.
Hover over the keypair alias, and then select More actions ( ) .
Select Generate certificate.

Complete the following fields:

Field	Description
Certificate alias	Enter a unique name to identify the certificate.
Certificate profile	Select a certificate profile. Tip Ensure that the certificate profile uses a PQC algorithm.
Set as default certificate	Select this option if you want to set this certificate as the default certificate for the keypair.

Example 2. SMCTL

To generate a certificate with an existing keypair, run:

smctl keypair generate-cert <keypair ID> --cert-alias <cert_alias> --cert-profile-id <profile ID>

Review the following command sample:

smctl keypair generate-cert 7747527b-6cc0-4ccf-8099-a6df1bf90bc14 --cert-alias <cert_alias> --cert-profile-id 2767525c-7bb0-4def-2075-c5er1fg90bc14

Tip

Ensure that the certificate profile listed in your command uses a PQC algorithm.

Generate a certificate using a PQC keypair

Before you begin

Generate a certificate using a PQC keypair

Tip

Tip

See also