Keypair profiles
Keypair profiles simplify keypair generation by preconfiguring values for all keypair options. For further profile controls by implement Teams. Keypair profiles are only enforced when enabled on your account.
Enable keypair profiles
You require the Manage keypairs permission to enable keypair profiles.
Sign in to DigiCert ONE.
Navigate to: Manager menu (top right) > DigiCert® Account Manager > Account > Account settings.
Select DigiCert® Software Trust Manager > Account > Account settings.
Select the edit icon.
Select the checkbox next to Require keypair profile to generate keypair.
Select Update settings.
Create keypair profiles
You require the Manage keypair permission to create a keypair profile.
Sign in to DigiCert ONE.
Navigate to: Manager menu (top right) >DigiCert® Software Trust Manager > Keypairs > Keypair profiles.
Select Create keypair profile.
Complete these fields:
Field | Description |
|---|---|
Profile name | Name to uniquely identify this keypair profile. |
Profile type | Select Fixed (user cannot change values during keypair generation) or Customizable (user can change values during keypair generation) |
Profile scope | Select System or Account (only an account scope user can choose account). |
Keypair status | Select Online (used to generate a keypair at any time) or Offline (only used during a scheduled release). See Creating a release. |
Algorithm | Select RSA, ECDSA, or EdDSA (when you select EdDSA the key curve sets to Ed25519) |
Key size / Key curve | Select 2048, 3072, or 4096 key size for RSA algorithms. |
Select P-256 or P-384 key curve for ECDSA algorithms. | |
Ed25519 is the only allowed key curve for EdDSA algorithms. | |
Keypair category | Select Production or Test. |
Keypair storage | Select if the key should be generated and stored on HSM or Disk. |