Skip to main content

Certificates

The DigiCert​​®​​ Software Trust Manager certificates feature allows you to view all code signing certificates in your account.

Types of certificates

You can generate public or private code signing certificates in DigiCert​​®​​ Software Trust Manager.

Public code signing certificates

Publicly trusted code signing certificates:

  • Follows strict CA/B forum guidelines.

  • Are issued by DigiCert (a third party trusted certificate authority) which allows your software to be universally trusted by operating systems.

  • Contains verified information about your organization.

Nota

When a user downloads software that is signed with a publicly trusted code signing certificate, the operating system they are using and the user knows that a legitimate and trusted entity published it.

Private code signing certificates

Private code signing certificates (also known as self signed code signing certificates):

  • Are more flexible and does not have to follow any guidelines.

  • Are signed by you.

  • Are only trusted by machines that have your public key within their trust store.

Nota

When a user downloads software that is signed with a publicly trusted code signing certificate and the user does not have your public key within their trust store, the operating system will warn your user that your software is not trusted.

View certificates

You require the View certificate permission to view certificates.

To view your certificates:

  1. Sign in to DigiCert ONE.

  2. Navigate to: Manager menu (top right) > Software Trust.

  3. Select Certificates.

  4. Click on the certificate alias to view more information.

Generate a certificate

You require the View keypair and Generate certificate permission to create a keypair.

You can generate a certificate from Software Trust Manager or SMCTL.

Import code signing certificate

You require the Import certificate permission to import a code signing certificate.

You can import a code signing certificate from Software Trust Manager or SMCTL.

Identify certificate alias

Retrieve the certificate alias via DigiCert​​®​​ Software Trust Manager or Signing Manager Controller (SMCTL).

Download certificate

You require the View certificate permission to download a certificate.

To download a certificate:

  1. Sign in to DigiCert ONE.

  2. Navigate Manager menu icon (top right) > Software Trust.

  3. Select Certificates.

  4. Click on the certificate alias.

  5. Identify the Certificate field.

  6. Click the Download icon or copy and paste the plain text.

Edit certificate

You require the View certificate permission to download a certificate.

To edit the certificate alias, enable, or disable auto-renewal:

  1. Sign in to DigiCert ONE.

  2. Navigate Manager menu icon (top right) > Software Trust.

  3. Select Certificates.

  4. Click on the certificate alias.

  5. Identify the General information field.

  6. Click the Edit icon.

  7. Change the certificate alias or auto-renewal status.

  8. Select Update.

Identify the certificate fingerprint/thumbprint

You require the View certificate permission to identify the certificate fingerprint/thumbprint.

To identify the certificate fingerprint/thumbprint:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu (top right) > Software Trust.

  3. Select Certificates.

  4. Click on the certificate alias .

  5. Identify the Fingerprint/thumbprint field.

Revoke certificate

You require the Revoke certificate permission to revoke a certificate.

To revoke a certificate:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu (top right) > Software Trust.

  3. Select CertCentral orders.

  4. Hover over the certificate alias .

  5. Click on the Revoke icon.

  6. Specify the following:

    1. Revocation reason

    2. Description

    3. Revocation date

      Sugerencia

      If you become aware that your certificate was compromised on a previous date, backdate the revocation date to invalidate any signatures from that date.

Sync certificate

Sync your certificates to pull the latest certificate status from CertCentral. This action may be useful to you if your order status in CertCentral is different to your status in Software Trust Manager. You require the View certificate permission to sync a certificate.

To sync a certificate:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu (top right) > Software Trust.

  3. Select Certificates.

  4. Hover over the certificate alias.

  5. Click on the sync icon.

Bulk actions

You can sync multiple certificates by using the workflow below:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu (top right) > Software Trust.

  3. Select Certificates.

  4. Select the boxes next to the order ID for all the certificates that you want to apply the bulk action to.

  5. Hover over a order ID that you have selected.

  6. Select Bulk actions.

  7. Click on the Sync orders.

Delete certificate

You require the Approve keypair delete permission to delete a certificate.

To delete a certificate:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu (top right) > Software Trust.

  3. Select Certificates.

  4. Hover over the certificate alias .

  5. Click on the Delete icon.

Troubleshooting

Description: This error occurs when creating a certificate fails.

Error: 

Error creating certificate. Check logs for more information.

Solution: This error can appear for various reasons, check the Audit logs for more information.

To check the audit logs:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Logs > Audit logs.

  4. Identify the log with the following parameters:

    Status

    Resource Type

    Action

    Failure

    Certificate

    Generate

  5. Click on the date next to this event.

  6. Identify the Error message field.

En esta sección: