Windows Credential Manager enhances security by securely storing login credentials in an encrypted vault, safeguarding them from unauthorized access. You can strengthen the security of your API key and client authentication certificate password by storing them in Windows Credential Manager.
Once your credentials are stored, all DigiCert® Software Trust Manager client tools can retrieve your credentials from Windows Credential Manager.
To save your API key and Client authentication certificate to Windows Credential Manager, follow these steps:
Open a command prompt.
Run the following command, replacing <API Key> and <Client authentication certificate password> with your actual credentials:
smctl credentials save <API key> <Client authentication certificate password>
You can use this command any number of times to overwrite the credentials stored.
After installation, you may need to update your system’s PATH environment variable to access smctl from any command line without specifying the full path.
Option 1: Temporarily update the PATH via the command line
This action updates the PATH for the current command line session only.
Run the following command:
set PATH=%PATH%;"C:\Program Files\DigiCert\DigiCert Keylocker Tools
Option 2: Permanently update the PATH via the command line
This action ensures that smctl is accessible in future command-line sessions.
Access the command line in admin mode.
Run the following command:
set PATH=%PATH%;"C:\Program Files\DigiCert\DigiCert One Signing Manager Toolsset PATH=%PATH%;"C:\Program Files\DigiCert\DigiCert Keylocker Tools
Option 3: Update the PATH via Windows GUI
Open the Start menu, and then search for Edit the system environment variables.
Select Environment Variables.
Under System variables, select Path, and then select Edit.
Select New, and then add the following path:
C:\Program Files\DigiCert\DigiCert Keylocker ToolsSelect OK to save and exit.
Once your API key and client authentication certificate password is securely stored in Windows Credential Manager, use the following session-based command to set the path to your Host and client authentication certificate in SMCTL:
set SM_HOST=<host URL>
set SM_CLIENT_CERT_FILE=<P12 client authentication certificate file path>Note
To learn more about the DigiCert ONE host environment and to determine your host URL value, see Host environment.
If your client tool needs to communicate through a proxy, you can configure the HTTPS_PROXY environment variable accordingly. Choose the appropriate command based on your proxy type:
Anonymous proxy
Use this command if your proxy does not require authentication:
Note
Regarding the use of https:// in the following command:
Using https:// will not list keypairs.
Not using https:// will list keypairs.
set HTTPS_PROXY=https://<proxy_host>:<proxy_port> Authenticated proxy
Use this command if your proxy requires authentication:
set HTTPS_PROXY=user:password@<proxy_host>:<proxy_port>If you need to delete credentials saved in the Windows Credential Manager, run the following command in SMCTL:
smctl credentials delete