CertCentral integration
Publicly trusted code signing certificates must conform to strict CA/B forum guidelines and be validated by a a third party trusted certificate authority like DigiCert. Integrate your DigiCert® Software Trust Manager account with CertCentral to order and manage publicly trusted certificates from your account.
Enable CertCentral integration
Nota
If your account is hosted by DigiCert, contact your account manager to enable CertCentral integration.
If your account is self-hosted, your system administrator can enable CertCentral by following the steps below:
Sign in to DigiCert ONE as an account level system admin.
Navigate to the Manager menu icon (top right corner) > Software Trust.
In the left navigation bar, select Account > Account settings.
Select the pencil icon next to System.
Select Enable CertCentral integration.
Select Update settings.
CertCentral integration
Software Trust Manager integrates with CertCentral to request publicly trusted code signing certificates from DigiCert, a publicly trusted Certificate Authority (CA).
Nota
To integrate with CertCentral, you will need to have a:
Software Trust Manager lead role or
Manage CertCentral API key
permissionCertCentral global or CertCentral Europe account
Sign in to DigiCert ONE.
Navigate to the Manager menu icon (top-right) > Software Trust.
In the left navigation bar, select Integrations.
Under Certificate authorities, click the CertCentral logo.
Complete the following fields
Field
Description
Where is your CertCentral account located?
Select the radio button based on where your CertCentral is located:
CertCentral global
https://certcentral.digicert
CertCentral Europe
https://certcentral.digicert.eu/
How would you like to connect your account?
If you select Connect using my CertCentral API key, you will need to provide:
An identifiable name for your CertCentral API alias
If you select Connect using my CertCentral credentials, you will need to provide your:
CertCentral username
CertCentral password
Nota
For DigiCert single login users, there is an additional integration method. This method will automatically pull your CertCentral API key, provided that your CertCentral account is already linked to your single login account. This method is easier than existing methods that require you to provide your username and password or API key for your CertCentral account.
Click Add to integrate with CertCentral.
Sugerencia
You are ready to manage your publicly trusted code signing certificates.
Create a CertCentral API key
Sign in to CertCentral.
In the left-hand side navigation bar, select Automation.
Navigate to: API Keys > Add API Key.
Complete the following fields:
Field
Description
Description
Provide an identifiable name for your CertCentral API key.
User
Select a user you want to link the CertCentral API key to.
Nota
The user must have the Administrative role assigned to them in CertCentral.
API key restrictions
Select Orders, Domains, and Organizations.
Select Add API Key.
Nota
The API key is only shown once, it cannot be accessed again. Securely store the API key to use it later.
Update certificate chain in CertCentral
This step is only necessary if you want your CertCentral code signing certificates to be issued from a specific root.
Aviso
Prerequisite
Contact your DigiCert account manager to change the default certificate chain for your CertCentral account or add additional chains.
To change the default Intermediate Certificate Authority (ICA):
Sign in to CertCentral.
In the left-hand side navigation bar, select Settings.
Navigate to: Product Settings > Code Signing > Default intermediate chain.
Select the ICA you want to use.
Create certificate profile for CertCentral
Follow these instructions to create a certificate profile. To use the certificate profile for CertCentral, you must select CertCentral (public trust) as the Profile type.
Create a keypair for CertCentral
Follow these instructions to create a keypair. To use the keypair for CertCentral, you must select HSM as the Storage.
Generate a certificate from CertCentral
Follow these instructions to generate a certificate. To generate a certificate from CertCentral, you must select a public trust certificate profile as the Certificate profile.
View CertCentral certificates
To view public certificate issued by CertCentral:
Sign into DigiCert ONE.
Navigate to: Manager menu (top-right) > Software Trust.
In the left-hand side navigation bar, select Certificates > CertCentral Orders.
Click on the order ID for more information