Buy and request a DigiCert® KeyLocker certificate

DigiCert® KeyLocker can only be used for code signing certificates ordered in CertCentral. When you request a code signing certificate in CertCentral, your KeyLocker account is instantly created to generate and store your private keypair.

Note

Already have a CertCentral account? Contact your DigiCert sales representative to enable KeyLocker in your account.

KeyLocker workflow

  1. Start a code signing subscription from www.digicert.com or in your CertCentral account.

  2. Request a code signing certificate from your active subscription.

  3. Select DigiCert® KeyLocker as the Provisioning Method.

  4. DigiCert completes the validation procedure for your code signing certificate.

    Tip

    To bypass this step and speed up the issuance of your certificate, submit your organization for pre-validation.

  5. CertCentral requests a DigiCert ONE account for the certificate approver in CertCentral.

    Note

    Which CertCentral user becomes the KeyLocker lead?

    • If the certificate requester has approve permission for the organization listed on the certificate, the certificate requester becomes the KeyLocker lead.

    • If the certificate requester does not have approve permission for the organization listed on the certificate, the approver becomes the KeyLocker lead.

  6. The CertCentral approver for the organization listed on the certificate (not necessarily the certificate requester) receives two emails:

    1. Welcome to DigiCert ONE

      This email contains the username of the DigiCert® KeyLocker lead.

    2. Reset your DigiCert ONE password

      Follow this link to reset your password for the username provided in the previous email.

  7. DigiCert® KeyLocker instantly generates a secure RSA keypair with a 3072-bit length and stores the private key on a FIPS 140-2 Level 3 compliant HSM for enhanced security.

  8. DigiCert® KeyLocker generates a CSR with your private key.

  9. DigiCert® KeyLocker uploads the CSR to CertCentral.

  10. Your certificate is issued and associated with the key generated and stored in DigiCert® KeyLocker.

  11. The DigiCert® KeyLocker lead signs in to DigiCert ONE.

  12. The DigiCert® KeyLocker lead invites additional users or service users with the DigiCert® KeyLocker signer or lead role assigned.