Create a certificate profile for REST API
To create a profile using the REST API enrollment method:
In DigiCert® Trust Lifecycle Manager, navigate to Policies > Base templates.
Select Public S/MIME Secure Email (via CertCentral) template.
Note
If you have not created a CertCentral CA connector you see the summary steps to create one.
Under Primary options, enter a Profile name.
Select a Business unit, Certificate type and publicly-trusted Issuing CA from the respective drop-down lists.
The REST API enrollment method and Third Party app authentication method is populated.
Click Next to configure Certificate options.
Certificate expiry period
Signing algorithm
Key type and size
Flow options
Note
Duplicate certificates are set to Yes. Also, we do not support a Cloud Key Escrow option yet.
Set the allowed Renewal window.
Set the required Subject DN and SAN certificate fields, and their sources: REST Request or Fixed Value.
To configure the Key Usages and Extended Key Usages extensions, click Next.
Key usage
Extended key usage
To configure Additional options, click Next.
Configure revocation email notification.
Add organization details. Select or search for an organization from the list of organizations available on your CertCentral account. All issued certificates are bound to the selected organization and include the Organization value inside the Subject DN.
Add contact details. Select contact details (Name, Email, Phone) linked to the validated organization, or select custom contact details.
To configure Advanced settings, click Next.
Select one or multiple service users from the drop down list, which are configured with an API KEY or Certificate for authentication. See Create a service user section above for details.
Click Create to save the profile configuration.