
Create a certificate profile for CMP

To create a certificate profile in DigiCert® Trust Lifecycle Manager for the CMP enrollment method:

  1. In the Trust Lifecycle Manager main menu, select Policies > Certificate profiles.

  2. Select the button to Create profile from template and then select the Public S/MIME Secure Email using CMP (via CertCentral) template.

    Note

    If you have not yet created a CertCentral CA connector, you will see the summary steps to create one.

  3. Under Primary options:

    1. Enter a profile name.

    2. Select a Business unit, Certificate type, and a publicly-trusted Issuing CA from the respective drop-down lists.

    3. The CMP enrollment method and TLC Certificate Auth methods will be automatically set.

  4. Select Next to configure Certificate options:

    • Validity period

    • Signing algorithm

    • Key type and size

    • Flow options

      Note

      Duplicate certificates are set to Yes. Also, we do not support a Cloud Key Escrow option yet.

    • Set the required Subject DN and SAN certificate fields. The source for the field values will be automatically set to CMP.

  5. Select Next to configure the Key Usages and Extended Key Usages extensions as per your S/MIME requirements.

  6. Add organization details: Select or search for an organization from the list of organizations available on your CertCentral account. All issued certificates will be bound to the selected organization and include the Organization value inside the Subject DN.

  7. Add contact details. Select contact details (Name, Email, Phone) linked to the validated organization, or select custom contact details.

    Optionally, enter one or more Tags to identify certificates issued from the profile being created.

  8. Select Next to configure Advanced settings:

    1. Leave the Seat ID Mapping value set to SAN RFC822 name (email).

    2. In the dropdown list, select the service user you created for GBS access.

  9. Select Create to save the profile configuration.

  10. Copy the CMP URL, which will be required when configuring the email gateway software.