Link DigiCert® Trust Lifecycle Manager to your PKI Platform 8 account to import and manage certificates from certificate authorities (CAs) in DigiCert PKI Platform 8.
You need your PKI Platform 8 account API key.
To import certificates from PKI Platform 8, you need the PKI8 Connector - import attributes feature enabled for your account.
From the Trust Lifecycle Manager main menu, select Integrations > Connectors.
Select the Add connector button.
In the Certificate authorities section, select the tile for DigiCert PKI Platform 8.
Complete the form as described in the following steps.
Assign a user-friendly Name to the connector to help identify it.
In the API key field, enter your PKI Platform 8 account API key.
Important
You must enter a valid API key before you can configure import options for the connector. As soon as you enter the API key, Trust Lifecycle Manager attempts to establish the link to your PKI Platform 8 account:
If there is an issue establishing the link, you get prompted to enter valid account details.
If the API key is accepted but imports are still disabled, the PKI8 Connector - import attributes feature is not enabled for your account. Contact your platform administrator to enable it.
Import attributes: Select options for importing certificates from PKI Platform 8 into your Trust Lifecycle Manager account to be monitored and managed there.
Import certificates from this connector: Select whether to import certificates or not. If importing, select options for how and what to import.
Map PKI Platform 8 accounts to business units: Select options for how to map imported certificates from different PKI Platform 8 accounts/sub-accounts to business units in Trust Lifecycle Manager.
Select accounts to map: Choose this option to map your PKI Platform 8 accounts one at a time. After mapping an account, select the Add mapping link to map another one.
Map all available accounts: Choose this option to list all available PKI Platform 8 accounts. For each account, select the business unit to assign the certificates to in Trust Lifecycle Manager.
Warning
Each PKI Platform 8 account can only be mapped to a single connector in Trust Lifecycle Manager. PKI Platform 8 accounts that are already mapped do not appear in the list of available accounts when configuring a connector. To re-map a PKI Platform 8 account to a different connector, you must first disable imports for the existing connector. See the Manage import operations section below for more details.
Import all certificates from accounts: For PKI Platform 8 accounts/sub-accounts selected here, certificates from all profiles will be imported. This is the default behavior. If you would rather select specific certificate profiles to import from, deselect the corresponding account and then use the next field to select individual profiles.
Import certificates from specific profiles: Use this dropdown to select individual profiles to import certificates from in PKI Platform 8. To select individual profiles here, the corresponding account/sub-account must not be enabled for 'import all' above.
Import certificates: Select the certificate types (X.509 and/or PKCS12) and status (valid, expired, revoked/suspended) to import from PKI Platform 8. For expired certificates, you must also select an expiration date range to import, up to a maximum of 7 years past expiration.
Tags (optional): Assign tags to the imported certificates to help filter and manage them in Trust Lifecycle Manager.
Select Add to create the PKI Platform 8 connector with the configured settings.
If you enabled imports, Trust Lifecycle Manager begins importing certificates from the mapped PKI Platform 8 accounts after you add the connector. Note that:
Certificate imports run asynchronously. Refresh the connector details page to track the total number of successful imports from PKI Platform 8.
The connector status shows
Runningwhen it's actively importing certificates from the linked PKI Platform 8 accounts.Certificates imported from PKI Platform 8 are bound to Imported seats. Any certificates already bound to User seats in Trust Lifecycle Manager will remain as such and will not consume additional seats.
Use the pencil (edit) icon on the connector details page to make changes to the PKI Platform 8 connector. Note that:
Existing PKI Platform 8 connectors cannot be deleted, but you can turn off imports to effectively disable them.
You can select additional profiles for importing certificates from the mapped PKI Platform 8 accounts in an existing connector.
You can map a new PKI Platform 8 account to an existing connector, but you cannot delete existing account mappings.
Once a PKI Platform 8 account is mapped to a particular connector, it is not available to map to any other connectors. To change the mapping, you must first disable import operations for the existing connector. You can then map that PKI Platform 8 account to a different connector.
To manage import operations for an existing PKI Platform 8 connector:
From the Trust Lifecycle Manager main menu, select Integrations > Connectors.
Select the Name of the PKI Platform 8 connector to manage.
On the connector details page, select the edit (pencil) icon on the right to update the connector.
Update the Import attributes section to change the import settings for the connector. Available actions:
Toggle imports on or off for the connector.
Add mappings for additional PKI Platform 8 accounts to import certificates from.
For new account mappings, select whether to import all certificates or import from specific profiles.
Select additional profiles to import certificates from in the mapped PKI Platform 8 accounts.
Manage the tags that get applied to imported certificates to identify/filter them in Trust Lifecycle Manager.
The connector details page in Trust Lifecycle Manager provides shortcut links under Assets found on this connector to load the associated certificates into your Inventory where you can view and manage them.
Use the standard view inventory functions to further refine and save custom views of your PKI Platform 8 certificates.
Manage imported PKI Platform 8 certificates from your Trust Lifecycle Manager Inventory view. To see available management actions for a certificate, select the actions menu next to it.
Trust Lifecycle Manager admins can perform the following management actions for imported PKI Platform 8 certificates as long as the requirements are met.
Actions | Requirements |
|---|---|
Recover escrowed (PKCS12) certificates |
|
Revoke or Suspend/Resume certificates |
|
Importante
Certificates that expire or get revoked in PKI Platform 8 get their status automatically synced back to Trust Lifecycle Manager.