Step CA

Link DigiCert® Trust Lifecycle Manager to Step CA to enroll and manage private certificates from a step-ca server.

Before you begin

The Step CA feature must be enabled for your account. Contact your DigiCert account representative to verify or enable this feature.
You need an active DigiCert sensor on your network that can connect to the step-ca server.
Gather the following information for your step-ca server:
- The URL path used to access the step-ca server. Your DigiCert sensor must be able to connect to the Step CA at this URL.
- The fingerprint of the root CA certificate for the step-ca server.

Add Step CA connector

From the Trust Lifecycle Manager main menu, select Integrations > Connectors.
Select the Add connector button.
In the Certificate authorities section, select the option for Step CA.
Complete the form as described in the following steps.
Configure the general connector properties in the top section of the form:
- Name: Assign a friendly name to this connector.
- Business unit: Select a business unit for this connector. Only users assigned to this business unit can manage the connector.
- Managing sensor: Select the DigiCert sensor that will manage this connector.
In the Link step-ca section, enter the access details for your private step-ca server:
- Step CA URL: The complete URL path used to access and issue certificates from the Step CA.
- Root CA certificate fingerprint: The fingerprint of the root CA certificate for the Step CA.
Select Add to create the Step CA connector with the configured settings.

Issue certificates

Certificate template

Use the following base template to create certificate profiles in Trust Lifecycle Manager for issuing private certificates from a connected step-ca server.

Template name	Seat type	Enrollment methods
`Step CA private server certificate`	Certificate management	Admin web request DigiCert sensor REST API

Create profiles

Create each Step CA certificate profile from the above template. Complete the profile creation wizard based on your unique business needs and how you plan to deploy the Step CA certificates. Key profile settings for Step CA include:

Connector: Select the connector for accessing the step-ca server.
Step CA Provisioner: Select the Step CA provisioner to use for authenticating certificate requests.
Provisioner password: Enter the password for the selected Step CA provisioner.
Enrollment method: Select the method for enrolling certificates from the Step CA:
- Admin web request: To request certificates with automated delivery to web servers, Azure key vaults, or AWS Certificate Manager.
- DigiCert sensor: To install certificates on a network appliance or cloud service using a DigiCert sensor.
- REST API: To request certificates from ServiceNow using the DigiCert® Trust Lifecycle Manager app.

What's next

Monitor and manage certificates from your Inventory page in Trust Lifecycle Manager.
Go to the Integrations > Connectors page to view, check status, or manage a connector.
Select one of the View actions for a connector to load a pre-filtered inventory list of digital trust assets associated with it.

In this section: