Step CA
Link DigiCert® Trust Lifecycle Manager to Step CA to enroll and manage private certificates from a step-ca server.
Before you begin
DigiCert prerequisites
The Step CA feature must be enabled for your account. Contact your DigiCert account representative to verify or enable this feature.
You need an active DigiCert sensor on your network that can connect to the step-ca server.
Step CA prerequisites
Your Step CA must be running with deployment type standalone.
Gather the following information for your Step CA:
The URL used to access the step-ca server. Your DigiCert sensor must be able to connect to the Step CA at this URL.
The fingerprint of the root CA certificate. Get this from the config/defaults.json file in the Step CA installation folder.
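A pre-flight check for the two values gathered above, added here as an example (not DigiCert or Smallstep code). It assumes defaults.json uses the key names ca-url and fingerprint, as the step CLI writes them, and that the fingerprint is the SHA-256 digest of the DER-encoded root certificate in hex. The sample certificate is constructed placeholder bytes, not a real certificate.

```python
import hashlib
import hmac
import json
import ssl
from urllib.parse import urlsplit


def root_fingerprint(pem_text: str) -> str:
    """SHA-256 over the DER encoding of the certificate, as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()


def connector_values(defaults_json: str, root_pem: str) -> dict:
    """Return the URL and fingerprint to enter in the connector form.

    Raises ValueError if defaults.json and the root certificate disagree,
    so a stale or edited fingerprint is caught before it is pinned.
    """
    cfg = json.loads(defaults_json)
    url = cfg["ca-url"]  # assumed key name (written by the step CLI)
    recorded = cfg["fingerprint"].replace(":", "").strip().lower()

    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"ca-url must be an https URL, got {url!r}")
    if len(recorded) != 64 or any(c not in "0123456789abcdef" for c in recorded):
        raise ValueError("fingerprint is not a 64-character SHA-256 hex digest")

    actual = root_fingerprint(root_pem)
    if not hmac.compare_digest(recorded, actual):
        raise ValueError(f"fingerprint mismatch: file {recorded}, cert {actual}")
    return {"step_ca_url": url, "root_fingerprint": actual}


# Constructed sample input: placeholder bytes stand in for a DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_DEFAULTS = json.dumps({
    "ca-url": "https://ca.example.internal:9000",  # constructed hostname
    "fingerprint": hashlib.sha256(SAMPLE_DER).hexdigest(),
})

if __name__ == "__main__":
    print(connector_values(SAMPLE_DEFAULTS, SAMPLE_PEM))
```

On a real installation, pass the contents of config/defaults.json and the root certificate PEM file instead of the sample values.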
Add Step CA connector
From the Trust Lifecycle Manager main menu, select Integrations > Connectors.
Select the Add connector button.
In the Certificate authorities section, select the option for Step CA.
Complete the form as described in the following steps.
Configure general properties in the top section of the form:
Name: Assign a friendly name to this connector.
Business unit: Select a business unit for this connector. Only users assigned to this business unit can manage the connector.
Managing sensor: Select the DigiCert sensor that will manage this connector.
In the Link step-ca section, enter the access details for your private step-ca server:
Step CA URL: The complete URL used to access and issue certificates from the Step CA.
Root CA certificate fingerprint: The fingerprint of the root CA certificate for the Step CA.
Select Add to create the Step CA connector with the configured settings.
Issue certificates
Certificate template
Use the following base template to create certificate profiles in Trust Lifecycle Manager for issuing private certificates from a connected step-ca server.
Template name | Seat type | Enrollment methods |
---|---|---|
|
|
Create profiles
Create each Step CA certificate profile from the above template. Complete the profile creation wizard based on your unique business needs and how you plan to deploy the Step CA certificates. Key profile settings for Step CA include:
Connector: Select the connector for accessing the step-ca server.
Step CA Provisioner: Select the Step CA provisioner to use for authenticating certificate requests.
Provisioner password: Enter the password for the selected Step CA provisioner.
Enrollment method: Select the method for enrolling certificates from the Step CA:
Admin web request: To request certificates with automated delivery to web servers, Azure key vaults, or AWS Certificate Manager.
DigiCert sensor: To install certificates on a network appliance or cloud service using a DigiCert sensor.
REST API: To request certificates from ServiceNow using the DigiCert® Trust Lifecycle Manager app.