Create a certificate profile for CMP
To create a certificate profile in DigiCert® Trust Lifecycle Manager for the CMP enrollment method:
In the Trust Lifecycle Manager main menu, select Policies > Certificate profiles.
Select the button to Create profile from template and then select the
Public S/MIME Secure Email using CMP (via CertCentral)
template.Note
If you have not yet created a CertCentral CA connector yet, you will see the summary steps to create one.
Under Primary options:
Enter a profile name.
Select a Business unit, Certificate type, and a publicly-trusted Issuing CA from the respective drop-down lists.
The
CMP
enrollment method andTLC Certificate Auth
methods will be automatically set
Select Next to configure Certificate options:
Validity period
Signing algorithm
Key type and size
Flow options
Note
Duplicate certificates are set to Yes. Also, we do not support a Cloud Key Escrow option yet.
Set the required Subject DN and SAN certificate fields. The source for the field values will be automatically set to
CMP
.
Select Next to configure the Key Usages and Extended Key Usages extensions as per your S/MIME requirements.
Add organizations details: Select or search for an organization from the list of organizations available on your CertCentral account. All issued certificates will be bound to the selected organization and include the Organization value inside the Subject DN.
Add contact details. Select contact details (Name, Email, Phone) linked to the validated organization, or select custom contact details.
Optionally, enter one or more Tags to identify certificates issued from the profile being created
Select Next to configure Advanced settings:
Leave the Seat ID Mapping value set to SAN RFC822 name (email).
In the dropdown list, select the service user you created for GBS access.
Select Create to save the profile configuration.
Copy the CMP URL, which will be required when configuring the email gateway software.