DigiCert On-prem CA connector
Add a DigiCert On-prem CA connector to use DigiCert® Trust Lifecycle Manager to issue, import, and revoke private non-escrow certificates from a DigiCert Private CA server. This connector is required only when DigiCert Private CA is deployed in a customer-hosted environment, where you install and manage it. If you use the DigiCert-hosted deployment, the connector is not needed.
Before you begin
DigiCert Private CA prerequisites
DigiCert Private CA server installed and configured on your network. For more details about the prerequisites for DigiCert Private CA, see Install and host your private CA.
You need the URL used to access and issue certificates from the DigiCert Private CA.
You need an API key for your private CA account for a user with the Issuer role. For more details about adding API service users in customer-hosted environments, see Add API users.
Trust Lifecycle Manager prerequisites
The DigiCert On-prem CA feature must be enabled for your account. Contact your DigiCert account representative to verify or enable this feature.
You need an active DigiCert sensor on your network that can connect to the URL for the DigiCert Private CA. To learn more, see Deploy and manage sensors.
Add private CA connector
From the Trust Lifecycle Manager main menu, select Integrations > Connectors.
Select the Add connector button.
In the Certificate authorities section, select the option for DigiCert On-prem CA.
Complete the form as described in the following steps.
Configure general properties in the top section of the form:
Name: Assign a friendly name to this connector.
Business unit: Select a business unit for this connector. Only users assigned to this business unit can manage the connector.
Managing sensor: Select the DigiCert sensor that will manage this connector.
In the Link account section, enter the access details for your private CA server:
On-prem URL: The complete URL used to access and issue certificates from the private CA.
API key: The API key of your DigiCert Private CA account.
Note
The API key must be associated with a user assigned the Issuer role.
Fill out the Import attributes section if you want to import existing certificates from the DigiCert Private CA connector.
Import certificates from this connector: Select whether to import certificates or not. If importing, select options for which certificates to import.
Fill out the Import certificates section if you want to import all valid certificates, certificates that are about to expire within the selected number of days, or revoked certificates that have not expired.
Business unit (optional): Assign a business unit to imported certificates. Only users assigned to this business unit can manage the imported certificates.
Tags (optional): Assign tags to the imported certificates to help filter and manage them in Trust Lifecycle Manager.
Import frequency: If importing certificates, select scheduling options for ongoing import operations. Enter a value and select units (minutes, hours, or weeks) for how often to check for new certificates to import from the linked private CA account.
Select Add to create the DigiCert Private CA connector with the configured settings.
Issue certificates
Available base templates
Use one of the following base templates to create certificate profiles in Trust Lifecycle Manager for issuing certificates from a connected private CA server.
| Template name | Enrollment methods | Authentication method |
|---|---|---|
Create profiles
Create each DigiCert Private CA certificate profile from one of the above templates. Complete the profile creation wizard based on your unique business needs and how you plan to deploy the private CA certificates. Key profile settings for private CA include:
CA service: Select DigiCert On-prem CA, then select the On-prem CA connector to use from the dropdown.
Issuing CA: Select the name of the DigiCert Private CA to issue certificates from.
Enrollment method: Select the enrollment method based on the base template you started with.
What's next
Monitor and manage certificates from your Inventory page in Trust Lifecycle Manager.
Go to the Integrations > Connectors page to view, check status, or manage a connector.
Select one of the View actions for a connector to load a pre-filtered inventory list of digital trust assets associated with it.