
Standard keypairs

A keypair refers to a public key and an associated private key. The public key encrypts data that can only be decrypted by its associated private key, thereby establishing an encrypted connection.

View keypair

You require the View keypair and Generate keypair permissions to create a keypair.

To view keypairs:

  1. Sign in to DigiCert ONE.

  2. Navigate to: Manager menu (top right) > Software Trust Manager > Keypairs.

  3. Click on the keypair alias to view more information.

  4. Click Create keypair.

Generate keypair

You require the View keypair and Generate keypair permissions to create a keypair.

  1. Sign in to DigiCert ONE.

  2. Navigate to: Manager menu (top right) > DigiCert® Software Trust Manager > Keypairs > Create keypair.

  3. Complete the following fields:

    | Field | Description |
    |---|---|
    | Keypair type | Select Static (keypair will remain the same) or Dynamic (keypair will change every time you complete a signature). |
    | Keypair alias | Name to uniquely identify this keypair. |
    | Team | Select a team that should have access to this keypair. You will only see this field if you enable Teams under Account settings. |
    | Keypair profile | Select a keypair profile. If you have selected a team, you will only see keypair profiles allocated to that team. |
    | Algorithm | Select RSA, ECDSA, or EdDSA. When you select EdDSA, the key curve is set to Ed25519. |
    | Key size | Select 2048, 3072, or 4096. |
    | Keypair category | Select Production or Test. |
    | Keypair storage | Select whether the keypair should be generated and stored on HSM or Disk. For public trust, you must select HSM. Note: To use DPOD HSM storage, DPOD must be set up in CA Manager and enabled for your account. |
    | Keypair status | Select Online (can be used to sign anytime) or Offline (can only be used to sign during a scheduled release). |
    | Access | Select Open (can be used by any account user) or Restricted (can only be used by specified users or a member of a specified user group). |
    | Allowed users | For Restricted keypairs, you can specify which users can use the keypair. |
    | Allowed user groups | For Restricted keypairs, you can specify one or more groups that are authorized to use the keypair. |
    | Generate certificate | When this box is checked, the keypair will be generated with a corresponding default certificate for the keypair. |

  4. Click Create keypair.

Generate a certificate

You require the View keypair and Generate certificate permissions to create a keypair.

  1. Sign in to DigiCert ONE.

  2. Navigate to: Manager menu (top right) > DigiCert® Software Trust Manager > Keypairs.

  3. Hover over the keypair you want to use to create the certificate until the menu icon appears.

  4. Select Generate certificate.

  5. Complete the following fields:

    | Field | Description |
    |---|---|
    | Certificate alias | Enter a unique name to identify the certificate. |
    | Certificate profile | Select a certificate profile. |
    | Set as default certificate | Tick this box if you want to set this certificate as the default certificate for the keypair. |

Update keypair

You require the View keypair and Manage keypair permissions to update a keypair.

  1. Sign in to DigiCert ONE.

  2. Navigate to: Manager menu (top right) > DigiCert® Software Trust Manager > Keypairs.

  3. Hover over the keypair alias you want to update.

  4. Select Edit from the menu.

  5. You can update the following fields:

    • Keypair alias

    • Keypair status

    • Access

    • Default certificate

  6. Click Update.

Identify keypair alias

Retrieve the keypair alias via DigiCert® Software Trust Manager UI or Signing Manager Controller (SMCTL).

Identify keypair ID

Retrieve the keypair ID via DigiCert® Software Trust Manager UI or Signing Manager Controller (SMCTL).

Download public key

Download the public key for your certificate via DigiCert® Software Trust Manager UI or Signing Manager Controller (SMCTL).

Import keypair

Import a keypair via DigiCert® Software Trust Manager UI or Signing Manager Controller (SMCTL).

You require the Import keypair permission to import a keypair.

Note

The keypair will import with the following default values:

  • Keypair status: Offline. Offline status means that the key can only be used to sign during a scheduled release. After you import the key, you can change the status to Online, which means that the key can be used to sign at any time.

  • Keypair access: Open. Open access means that the key can be used by any account user. After you import the key, you can change the keypair access to Restricted, which means that only specified users or a member of a specified user group or team can use the keypair.

  • Keypair category: Production. After you import the key, you can change the keypair category to Test.
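
The keypair fields described under Generate keypair and the import defaults listed above can be checked automatically during an access review. The following is an added example, not DigiCert code: it audits keypair records against the values stated on this page. The record layout, the public_trust and imported flags, and the sample inventory are constructed assumptions, and the rule against Open access on Production keypairs is an assumed local policy.

```python
# Added example: audit keypair settings against the field values on this page.
# The dict layout and sample inventory are constructed, not a DigiCert export format.
RSA_KEY_SIZES = {2048, 3072, 4096}  # key sizes listed on this page
IMPORT_DEFAULTS = {"status": "Offline", "access": "Open", "category": "Production"}


def audit_keypair(kp):
    """Return a list of findings for one keypair record."""
    findings = []
    if kp.get("public_trust") and kp["storage"] != "HSM":
        findings.append("public-trust keypair must be stored on HSM")
    # Assumption: the listed key sizes apply to RSA keypairs.
    if kp["algorithm"] == "RSA" and kp.get("key_size") not in RSA_KEY_SIZES:
        findings.append("RSA key size is not 2048, 3072 or 4096")
    if kp["access"] == "Restricted" and not (kp.get("allowed_users") or kp.get("allowed_groups")):
        findings.append("Restricted keypair has no allowed users or groups")
    # Assumed local policy (not a DigiCert rule): production keys are not Open.
    if kp["access"] == "Open" and kp["category"] == "Production":
        findings.append("Production keypair is Open to any account user")
    # Imported keypairs arrive Offline/Open/Production; flag ones never reviewed.
    if kp.get("imported") and all(kp[k] == v for k, v in IMPORT_DEFAULTS.items()):
        findings.append("imported keypair still has all import defaults")
    return findings


def audit_inventory(inventory):
    """Map keypair alias -> findings, omitting keypairs with none."""
    report = {kp["alias"]: audit_keypair(kp) for kp in inventory}
    return {alias: f for alias, f in report.items() if f}


# Constructed sample inventory.
SAMPLE_INVENTORY = [
    {"alias": "release-rsa", "algorithm": "RSA", "key_size": 4096, "storage": "HSM",
     "public_trust": True, "status": "Offline", "access": "Restricted",
     "category": "Production", "allowed_groups": ["release-engineers"]},
    {"alias": "legacy-import", "algorithm": "RSA", "key_size": 2048, "storage": "Disk",
     "public_trust": True, "imported": True, **IMPORT_DEFAULTS},
    {"alias": "ci-test-ed", "algorithm": "EdDSA", "curve": "Ed25519", "storage": "Disk",
     "status": "Online", "access": "Restricted", "category": "Test"},
]

if __name__ == "__main__":
    for alias, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(alias, "->", "; ".join(findings))
```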

Specify a default certificate for a keypair

Set the default certificate for a keypair via DigiCert® Software Trust Manager UI or Signing Manager Controller (SMCTL).

Generate CSR

To generate a CSR:

  1. Sign in to DigiCert ONE.

  2. Navigate to: Manager menu (top right) > Software Trust Manager > Keypairs.

  3. Hover over the keypair alias you want to use to generate the CSR.

  4. Select the menu icon that appears while hovering.

  5. Select Generate CSR.