DigiCert CertCentral

Link to your DigiCert CertCentral® account to issue, import, and manage public DigiCert certificates using the DigiCert® Trust Lifecycle Manager platform and its suite of management tools.

Before you begin

You need either a CertCentral API key or CertCentral sign-in credentials for a CertCentral user with a role of Manager or Administrator.

  • If using a CertCentral API key to establish the link, the API key must be configured with API key restrictions set to None. The key must be for a Manager or Administrator user, not a service user.

  • If using the sign-in credentials method, we will automatically generate an API key for the Manager or Administrator user in CertCentral to use for the connector.

Add CertCentral connector

  1. From the Trust Lifecycle Manager main menu, select Integrations > Connectors.

  2. Select the Add connector button.

  3. In the Certificate authorities section, select the tile for CertCentral.

    Complete the form as described in the following steps.

  4. Link account: Select the Region of your CertCentral account and one of the following options for linking to it.

    • Link using CertCentral API key: Enter an active API key from your CertCentral account associated with a user with a role of Manager or Administrator and no restrictions.

    • Link using CertCentral sign-in credentials: Enter an active Username and Password for your CertCentral account, for a user with a role of Manager or Administrator.

    Important

    You must enter the CertCentral account details before you can configure import options for the connector. As soon as you enter the CertCentral account details, Trust Lifecycle Manager attempts to establish the link:

    • If the account link works, the option to toggle on imports becomes active below.

    • If there is an issue establishing the link, you are prompted to enter valid account details.

  5. Import attributes: Select options for importing certificates from your CertCentral account into your DigiCert® Trust Lifecycle Manager account to be monitored and managed there.

    • Import certificates from this connector: Select whether to import certificates or not. If importing, select options for which certificates to import.

    • Map CertCentral divisions to business unit (optional): Select options for how to assign imported certificates from different CertCentral divisions to your business units in Trust Lifecycle Manager. Only users assigned to the selected business units can manage the imported certificates. If you do not map the certificates to business units, all Trust Lifecycle Manager account users can manage them.

      • Select divisions to map: Choose this option to map your CertCentral divisions one at a time. After mapping each division, select the Add mapping link to map another one.

      • Map all available divisions: Choose this option to list all the CertCentral divisions in your account that have not been mapped yet. For each available division, select the business unit to assign the certificates to in Trust Lifecycle Manager.

      Important

      You cannot remap CertCentral divisions that have already been mapped to specific business units in Trust Lifecycle Manager through an existing connector. To change mappings for imported certificates, you must delete the existing connector and add a new connector with the new mappings.

    • Tags (optional): Assign tags to imported certificates as another way to help categorize and manage them.

    • Import frequency: If importing certificates, select scheduling options for ongoing import operations. Enter a value and select units (minutes, hours, or weeks) for how often to check for new certificates to import from the linked CertCentral account.

  6. Select Add to create the CertCentral connector with the configured settings.

Edit connector

To update a CertCentral connector, select it from the Trust Lifecycle Manager Integrations > Connectors page and then select the pencil (edit) icon from the connector details page. From the Edit screen, you can:

  • Change the connector name.

  • Update the CertCentral account credentials if they are not valid. Once the credentials are verified and the account is linked, you can no longer edit the credentials and must instead create a new connector if you want to link to a different CertCentral account.

  • Update the certificate import settings and add new mappings for CertCentral divisions that have not already been mapped to a business unit in Trust Lifecycle Manager. If you add new mappings, an additional option appears to Import all data from those CertCentral divisions. By default, only certificates issued since the last import operation will be imported after you update the connector.

    Important

    The Import all data flag runs as a one-time option after you select the Update button. If you need to run another full-data import, you can select this option from the actions (three-dots) menu on the connector details page.

Manage imports from CertCentral

The CertCentral account used in the connector determines which certificates are available to import. Trust Lifecycle Manager checks for accessible certificates in CertCentral at the Import frequency configured in the connector and imports any newly issued certificates since the last import operation.

To import all certificates from the connector following changes to the role or scope of the associated CertCentral user account or API key, select the option to Import all data from the actions menu on the connector details page. This option is only available if certificate imports are enabled for the connector.

Issue certificates

Available certificate templates

Use the following base templates to create certificate profiles in Trust Lifecycle Manager for enrolling certificates from CertCentral via a connector. Refer to the Policies > Base templates page in Trust Lifecycle Manager for a description and list of use cases for each template.

| Template name | Trust type | Seat type | Enrollment methods |
|---|---|---|---|
| CertCentral Private Server Certificate | Private | Certificate management | Admin web request, DigiCert agent, DigiCert sensor, REST API, 3rd-party ACME client |
| CertCentral Public Server Certificate | Public | Certificate management | Admin web request, CSR, DigiCert agent, DigiCert sensor, REST API, 3rd-party ACME client |
| Public Client Authentication (via CertCentral) | Public | User | Browser PKCS12, CSR, DigiCert Trust Assistant, Microsoft Autoenrollment, REST API |
| Public S/MIME Secure Email (via CertCentral) | Public | User | Browser PKCS12, CSR, DigiCert Trust Assistant, Microsoft Autoenrollment, REST API |

Create profiles

Create each CertCentral certificate profile from one of the above templates. Complete the profile creation wizard based on your unique business needs and how you plan to enroll and deploy the certificates. Key profile settings for CertCentral include:

  • Business unit: The business unit to assign certificates to in Trust Lifecycle Manager.

  • Connector: The connector for the linked CertCentral account to get certificates from.

  • CertCentral division: The division to assign certificates to in the CertCentral account.

  • Certificate type: The CertCentral certificate product to issue. You need a separate profile for each certificate type you want to enroll through Trust Lifecycle Manager.

  • Issuing CA: The CA to issue certificates from in the CertCentral account.

  • Organization: The organization for OV/EV certificates.

What's next

  • Monitor and manage certificates from your Inventory page in Trust Lifecycle Manager.

  • Go to the Integrations > Connectors page to view, check status, or manage a connector.

  • Select one of the View actions for a connector to load a pre-filtered inventory list of digital trust assets associated with it.