
Prerequisites

Make sure these prerequisites are met to enroll private trust certificates in DigiCert® Trust Lifecycle Manager using the Enrollment over Secure Transport (EST) protocol.

Create root and issuing CAs

If you already have access to an issuing CA on your account, skip this step.

If you do not, contact your system administrator or DigiCert representative to create the required CA hierarchy.

Note

The Trust Lifecycle Manager EST service can make use of both RSA and ECDSA issuing CAs to sign either RSA or ECDSA end-entity certificates via the EST protocol.

Allocate seats

You can use EST to enroll certificates for devices or servers. You need available device seats and/or server seats in the business units where you will enroll the certificates.

To update seat allocations in Trust Lifecycle Manager, see Change seat types allocated to business units.

Add trusted CAs for client authentication certificates

If you want to authenticate EST clients with certificates instead of enrollment codes, use the My root certificates function in Trust Lifecycle Manager to upload the trusted CA certificates. To authenticate, clients must present a certificate signed by one of these trusted CAs.
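
A pre-flight check for this requirement, added here as an example and not DigiCert code: it verifies that a client certificate chains to a root you plan to upload, and that one issued by a different CA is rejected. The CAs and client certificates are constructed in memory, the function names are hypothetical, and requiring the clientAuth EKU is an assumption the page does not state.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a constructed ECDSA P-256 cert; a nil parent yields a self-signed root CA.
func newCert(cn string, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // root: mark as CA, drop the leaf EKU, self-sign
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.ExtKeyUsage = true, true, nil
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// chainsToTrustedCA returns nil only if client chains to a trusted root (clientAuth EKU assumed required).
func chainsToTrustedCA(client *x509.Certificate, trusted ...*x509.Certificate) error {
	roots := x509.NewCertPool()
	for _, ca := range trusted {
		roots.AddCert(ca)
	}
	_, err := client.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func main() {
	root, rootKey := newCert("Constructed Uploaded Root", nil, nil)
	other, otherKey := newCert("Constructed Other Root", nil, nil)
	good, _ := newCert("est-client-good", root, rootKey)
	bad, _ := newCert("est-client-bad", other, otherKey)
	fmt.Println("uploaded CA:", chainsToTrustedCA(good, root), "| other CA:", chainsToTrustedCA(bad, root))
}
```

To check real certificates, parse the PEM files into `*x509.Certificate` values and pass them to `chainsToTrustedCA` in place of the constructed ones.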