Prerequisites
Make sure these prerequisites are met to issue Public S/MIME sponsor-validated certificates via the GBS iQ.Suite KeyManager.
Verify availability of the required certificate template
You need the Public S/MIME Secure Email using CMP (via CertCentral)
certificate template assigned to your account.
To verify this, select Policies > Base templates from the DigiCert® Trust Lifecycle Manager main menu.
If the above template does not appear in the list of available certificate templates, reach out to your System administrator or DigiCert representative to get it assigned.
Create a service user
You need a service user for DigiCert API access.
Create the service user in the DigiCert® Account Manager application, following the steps here: Create a service user.
Make sure to select the following settings for the service user you create:
DigiCert ONE Manager access: Select
CA
andTrust Lifecycle
.Roles and permissions:
CA Manager: Select the
Read only
role.Trust Lifecycle Manager: Select the
User and certificate manager
role.
Create an authentication certificate
Create an authentication certificate for your DigiCert service user, which you will need when configuring the GBS software.
Generate the authentication certificate in the the DigiCert® Account Manager application, following the steps here: Create a service user authentication certificate.
Download the generated authentication certificate to your workstation so you can use it to configure the GBS software there.
Allocate seats to a business unit
Make sure there are available User seats in the business unit where you will issue the S/MIME certificates.
To learn more about how to verify and allocate seats to a business unit, see Business units.
Create a CertCentral CA connector
You need a connector to CertCentral to get certificates from the issuing CAs there.
To learn how to set this up, see DigiCert CertCentral.