Create certificate profiles
To create a certificate profile in DigiCert® Trust Lifecycle Manager, you select a certificate template to use as a starting point and customize it to suit your specific business needs.
Before you begin
Identify the best certificate template to use to create your certificate profile. The certificate template determines:
Available certificate properties and use cases.
Issuing certificate authorities (CAs), enrollment methods, and certificate lifecycle automation options.
The seat type consumed for certificates issued from the certificate profile.
Note
You must have available seat licenses in your account for the selected certificate template. Contact your DigiCert account manager with questions regarding seat inventory.
Begin creating the certificate profile
Use one of the following methods to launch the certificate profile creation process:
From the certificate templates view (Policies > Base templates), select a certificate template by name to start creating a certificate profile from that template.
Alternatively, open the actions (three dot) menu next to the certificate template name and select Create profile from template.
From the certificate profiles view (Policies > Certificate profiles), select the Create profile button above the table to start creating a certificate profile.
This takes you to the certificate templates view. Select a certificate template by name to start creating a certificate profile from it.
Customize and save the new certificate profile
Follow the wizard to customize and save your certificate profile. The details you fill in depend on the certificate template you started with and your specific business needs for certificates issued with this profile:
Primary options can include profile name, business unit, issuing CA, enrollment method, and authentication method.
Certificate options can include validity period, algorithm, key type and size, renewal options, subject distinguished name (DN), and subject alternative name (SAN) fields.
Some profile types and enrollment methods support multiple key sizes. Select all possible key sizes you want to allow in your certificates. The final key size will be determined based on what's sent in the CSR for each enrollment.
See Certificate attributes and extensions for technical details about supported certificate options.
Extensions includes additional options for the extensions field in the certificates, such as key usage and extended key usage. Some private certificate types also support custom extensions.
Additional options can include certificate delivery format, administrative contact options, notification options, LDAP search, and tags.
Apply tags to help identify all certificates issued from a particular profile for tracking and management purposes in Trust Lifecycle Manager.
Advanced settings include Seat ID mapping where you can select a certificate field to be bound to your Seat ID, used to uniquely identify an entity (User, Device or Server Seat) to the system, for licensing purposes.
You can upload a user instructions file for how to use the certificate for profiles configured with a web-based enrollment method (
Browser PKCS12
,CSR
, orDigiCert Trust Assistant
) and an authentication method ofEnrollment Code
,Manual Approval
orDigiCert ONE Login
.You also have the option of enabling a Grace period, which allows you to add the days before expiration to the renewed certificate. When not selected, the renewed certificate takes a strict validity period based on the Certificate expires in value set above.
Some templates provide a self-service portal option. Enable this option to allow end users to manage their own certificates via a web-based self-service portal, if enabled under Settings.
After filling in each screen, select the Next button to progress to the next screen. Select Back to return to previous screens to review or make changes.
When you're ready, select Create on the final screen to save the new certificate profile.