Get started

DigiCert​​®​​ Software Trust Manager allows you to sign code quickly and easily with certificate profiles and private keys. Before you can start signing, you must sign in, configure clients for your operating system, create a certificate profile, a keypair, and a certificate.

Create login credentials

To use the client tools and connect to DigiCert​​®​​ Software Trust Manager for operations, you must have access to DigiCert​​®​​ Software Trust Manager on DigiCert ONE. If you do not have this, contact an administrator for DigiCert ONE and request that they create a sign-in for you. You need to create your username (or use your email), a secure password, and set up two-factor authentication.

Install the clients

To install the clients:

  1. Navigate to DigiCert ONE > DigiCert​​®​​ Software Trust Manager > Resources > Client tool repository.

  2. On Windows, download DigiCert​​®​​ Software Trust Manager Clients Installer.

    On Linux, download DigiCert​​®​​ Software Trust Manager Linux Clients.

    On Apple, download the individual DigiCert​​®​​ Software Trust Manager clients for Apple.

Note

You can install clients individually. The package installers available for Windows and Linux allow you to download multiple clients that you may need to sign.

Create environment credentials

Two-factor authentication (2FA) is required to perform specific actions, like signing.

API key

An API key is a unique identifier generated by the server to authenticate a user or calling program to an API. The API key acts as the first factor of authentication when connecting to DigiCert​​®​​ Software Trust Manager client tools.

Note

The permissions for the API token are based upon your user permissions set in DigiCert​​®​​ Software Trust Manager.

To create an API key:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Profile icon > Admin Profile > API tokens.

  3. Select Create API token.

Client authentication certificate

A client authentication certificate is an X.509 digital certificate with a unique password that is generated by the server to authenticate a user or calling program to an API. The client authentication certificate acts as the second factor of authentication when connecting to DigiCert® Software Trust Manager client tools.

Note

The permissions for the client authentication certificate are based upon your user permissions set in DigiCert​​®​​ Software Trust Manager.

To generate a client certificate:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Profile icon > Admin Profile > Authentication Certificates.

  3. Select Create authentication certificate.

Set up environment variables

Set up the environment variables to connect to DigiCert​​®​​ Software Trust Manager:

  1. Move the downloaded SMCTL client to a location that is listed in the system's PATH environment variable.

  2. Run the SMCTL client.

  3. Identify your host environment:

    Table 1. Host options

    | Country | Host type | SM_HOST value |
    | --- | --- | --- |
    | United States of America (USA) | Demo | https://clientauth.demo.one.digicert.com |
    | United States of America (USA) | Production | https://clientauth.one.digicert.com |
    | Switzerland (CH) | Demo | https://clientauth.demo.one.ch.digicert.com |
    | Switzerland (CH) | Production | https://clientauth.one.ch.digicert.com |
    | Japan (JP) | Demo | https://clientauth.demo.one.digicert.co.jp |
    | Japan (JP) | Production | https://clientauth.one.digicert.co.jp |
    | Netherlands (NL) | Demo | https://clientauth.demo.one.nl.digicert.com |
    | Netherlands (NL) | Production | https://clientauth.one.nl.digicert.com |



  4. To configure environment variables, run:

Note

Click on one of these links for help creating an API key or client authentication certificate.
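
A pre-flight check for this step, added here as an example (it is not DigiCert's code and not the command the step above refers to): it accepts SM_HOST only when it exactly matches a value from the host options table, and confirms that the credential variables are set and the certificate file is not accessible to other local users. SM_API_KEY, SM_CLIENT_CERT_FILE and SM_CLIENT_CERT_PASSWORD are assumed variable names that this page does not list.

```sh
#!/bin/sh
# Added example: pre-flight check before running the signing clients.
# SM_HOST values are the ones in the host options table on this page; the
# other three variable names are assumptions (not listed on this page).

# Print "production" or "demo" for an exact SM_HOST match, else return 1.
sm_host_kind() {
    case "$1" in
        https://clientauth.one.digicert.com|\
        https://clientauth.one.ch.digicert.com|\
        https://clientauth.one.digicert.co.jp|\
        https://clientauth.one.nl.digicert.com)
            echo production ;;
        https://clientauth.demo.one.digicert.com|\
        https://clientauth.demo.one.ch.digicert.com|\
        https://clientauth.demo.one.digicert.co.jp|\
        https://clientauth.demo.one.nl.digicert.com)
            echo demo ;;
        *)  return 1 ;;
    esac
}

# Report every problem found; return 0 only when the environment is usable.
sm_preflight() {
    problems=0
    if kind=$(sm_host_kind "${SM_HOST:-}"); then
        echo "SM_HOST targets the $kind environment"
    else
        echo "SM_HOST is unset or not a listed host: '${SM_HOST:-}'"
        problems=$((problems + 1))
    fi
    for var in SM_API_KEY SM_CLIENT_CERT_FILE SM_CLIENT_CERT_PASSWORD; do
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then
            echo "$var is not set"
            problems=$((problems + 1))
        fi
    done
    cert=${SM_CLIENT_CERT_FILE:-}
    if [ -n "$cert" ] && [ ! -f "$cert" ]; then
        echo "client certificate file not found: $cert"
        problems=$((problems + 1))
    elif [ -n "$cert" ] && [ "$(ls -ld -- "$cert" | cut -c5-10)" != "------" ]; then
        # Group/other permission bits are set on the certificate file.
        echo "client certificate file is accessible to other users: $cert"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

Source the file and call `sm_preflight` at the start of a signing job so that a demo host or a missing credential stops the job before any client runs.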

Create a certificate profile

Certificate profiles simplify certificate generation by preconfiguring values for all certificate options.

To create a certificate profile:

  1. Navigate to DigiCert ONE > DigiCert® Software Trust Manager > Certificates > Certificate profiles.

  2. Select Create certificate profile.

Create a keypair profile (optional)

Keypair profiles simplify keypair generation by preconfiguring values for all keypair options.

To create a keypair profile:

  1. Navigate to DigiCert ONE > DigiCert​​®​​ Software Trust Manager > Keypairs > Keypair profiles.

  2. Select Create keypair profile.

Note

Enable keypair profiles on your account to use this feature.

Create users

The administrator of DigiCert® Software Trust Manager can create two types of users: admin users and service users.

Admin users have access to the DigiCert​​®​​ Software Trust Manager UI and clients.

Service users do not have access to the DigiCert​​®​​ Software Trust Manager UI but can sign using the clients.

To create an admin user:

  1. Navigate to DigiCert ONE > Account Manager > Access > Users.

  2. Select Create user.

To create a service user:

  1. Navigate to DigiCert ONE > Account Manager > Access > Service user.

  2. Select Create service user.

Create a team (optional)

Select users, groups, or both to form a team and then map relevant resources to them. You can restrict team resources such as keypairs and releases, and enforce keypair profiles and certificate profiles.

To create a team:

  1. Navigate to DigiCert ONE > DigiCert​​®​​ Software Trust Manager > Account > Teams.

  2. Select Create.

Note

Enable teams on your account to use this feature.

Create a keypair

DigiCert​​®​​ Software Trust Manager supports two keypair types: standard and GPG.

A standard keypair refers to a public key and an associated private key. The public key encrypts data that can only be decrypted by its associated private key, thereby establishing an encrypted connection.

GPG keys are different from standard keypairs because each GPG key includes a master key and associated subkeys. We recommend that the master key only be used for creating subkeys and the subkeys be used for signing. In the event that a subkey is compromised, this will allow you to revoke and replace the affected subkey, while the master key and uncompromised subkeys remain secure.

To create a standard keypair:

  1. Navigate to DigiCert ONE > DigiCert​​®​​ Software Trust Manager > Keypairs.

  2. Select Create keypair.

    Note

    You can create a certificate at the same time as generating a keypair, if you check the box next to Generate certificate.

Create a certificate

To create a certificate:

  1. Navigate to DigiCert ONE > DigiCert​​®​​ Software Trust Manager > Keypairs.

  2. Hover over the keypair you want to use to create the certificate until the menu icon appears.

  3. Select Generate certificate.

Create a release

Releases protect keys by restricting their use to pre-approved dates and times. The pre-approved date and time selected for a release is referred to as a release window. Within a release window, organizations can control which keypairs can be used, who can use them, and the maximum number of signatures that can be used during the release.

To create a software release:

  1. Navigate to DigiCert ONE > DigiCert​​®​​ Software Trust Manager > Releases.

  2. Select Create release.

Conclusion

You are now able to use DigiCert® Software Trust Manager to sign.

For a list of signing tools supported by DigiCert​​®​​ Software Trust Manager refer to our documentation.

To automate signing as part of your Continuous Integration/Continuous Development (CI/CD) workflows, refer to CI/CD integrations.

Note

You can set any proxies you need and verify the connection.

Proxy instructions differ depending on which operating system you use; see Windows, Linux, or Apple.