Seat types
DigiCert® Trust Lifecycle Manager is CA agnostic. Use it to manage certificates from a variety of sources.
The issuing CA and certificate use case determine the seat type you need:
Certificates issued by DigiCert® CA Manager use Organization, Device, Server, or User seats.
Certificates issued by external CAs use Certificate management, Discovery, or Imported seats.
DigiCert® CA Manager issuance
Organization seat
A private trust certificate issued by CA Manager and used to create private external issuing CAs capable of issuing end-entity SSL certificates on-demand (typically used for TLS inspection) or used as a private code signing certificate.
Both use cases require a specific certificate template in your account. Contact your DigiCert account representative with inquiries.
Device seat
A private trust certificate issued by CA Manager to a physical device (such as a laptop, computer, or mobile device), typically for authentication or encryption.
A Device seat is consumed for each physical device to which you issue a certificate. Each seat can only be used by that one device.
Server seat
A private trust certificate issued by CA Manager to an organization’s internal servers (including web servers, proxy servers, load balancers, domain controllers, or wireless access points) for client or mutual authentication with users, devices, or other servers.
Server seats support certificate lifecycle automation to help you enroll, update, and install certificates on your systems.
User seat
A public or private trust certificate issued to a person, for use cases including authentication to a private network (VPN) or website, wireless access, or signing/encrypting emails.
Any such certificate issued from a DigiCert-based CA tracks to a User seat. This includes private user certificates from DigiCert® CA Manager or public S/MIME certificates from CertCentral.
User seats are the only type that allow multiple certificates per seat. A single User seat is consumed for each person to whom a certificate is issued. An unlimited number of unique certificates can be issued to that person, and up to 250 duplicate certificates can be issued for any of those unique certificates.
External issuing CAs
Certificate management seat
A public or private trust certificate issued by an external CA that was generated and/or is being managed in Trust Lifecycle Manager through a CA connector.
With Certificate management seats, you can get new certificates or manage existing certificates from external issuing CAs for various end-entity types including users, devices, and servers. Certificate management seats also support certificate lifecycle automation.
Discovery seat
A public or private trust certificate that was discovered and added to your account.
With Discovery seats, you can monitor and set up custom expiration notifications for certificates from any issuing CA, regardless of whether the certificates were issued from your Trust Lifecycle Manager account.
On systems with automation enabled and an available CA connector, discovered certificates can be placed under management with Trust Lifecycle Manager's automation tools, which swaps them out for Server or Certificate management seats.
Imported seat
A private trust certificate issued by an external CA that was uploaded into Trust Lifecycle Manager, and which also had its issuing CA imported into DigiCert® CA Manager.
With Imported seats, you can monitor and manage existing certificates from external private CAs, including certificate validation and revocation.
Summary of seat type properties
Seat type | Issuing CA | Trust type | New enrollments | Use cases |
Organization | DigiCert® CA Manager | Private | Yes | Code signing or create private issuing CAs for TLS inspection. |
Device | DigiCert® CA Manager | Private | Yes | Enroll and manage a certificate for a device like a laptop or mobile device. |
Server | DigiCert® CA Manager | Private | Yes | Enroll and manage a certificate for a private server like a web server, load balancer, or domain controller. |
User | DigiCert® CA Manager (private trust) or CertCentral (public trust, accessed through a CA connector) | Public or private | Yes | Enroll and manage certificates for a person. Allows multiple certificates per person/seat. |
Certificate management | External (accessed through a CA connector) | Public or private | Yes | Enroll and/or manage a certificate for a user, device, or server from an external issuing CA in a connected account. |
Discovery | External (with or without a corresponding CA connector) | Public or private | No | Monitor an existing certificate from any external CA. |
Imported | External (imported into CA Manager) | Private | No | Monitor and manage an existing certificate from an external private CA. |