How to purchase a DigiCert® KeyLocker certificate

DigiCert® KeyLocker can only be used for code signing certificates ordered in CertCentral. The following documentation outlines how to purchase a certificate and access DigiCert® KeyLocker.

KeyLocker workflow

When you request a code signing certificate in CertCentral, your DigiCert® KeyLocker account is instantly created to generate your keypair and store the private key. The workflow is as follows:

  1. Contact your DigiCert sales representative to enable KeyLocker on your CertCentral account.

  2. Order a code signing certificate in CertCentral.

  3. Select DigiCert® KeyLocker as the Provisioning Method.

  4. DigiCert completes the validation procedure for your code signing certificate.


    To bypass this step and speed up the issuance of your certificate, submit your organization for pre-validation.

  5. CertCentral requests a DigiCert ONE account for the certificate approver in CertCentral.


    Which CertCentral user becomes the KeyLocker lead?

    • If the certificate requester has approve permission for the organization listed on the certificate, the certificate requester becomes the KeyLocker lead.

    • If the certificate requester does not have approve permission for the organization listed on the certificate, the approver becomes the KeyLocker lead.

  6. The CertCentral approver for the organization listed on the certificate (not necessarily the certificate requester) receives two emails:

    1. Welcome to DigiCert ONE

      This email contains the username of the DigiCert® KeyLocker lead.

    2. Reset your DigiCert ONE password

      Follow this link to reset your password for the username provided in the previous email.

  7. DigiCert® KeyLocker instantly generates a 3072-bit RSA keypair and stores the private key on a FIPS 140-2 Level 3 compliant HSM.

  8. DigiCert® KeyLocker generates a CSR with your private key.

  9. DigiCert® KeyLocker uploads the CSR to CertCentral.

  10. Your certificate is issued and associated with the key generated and stored in DigiCert® KeyLocker.

  11. The DigiCert® KeyLocker lead signs in to DigiCert ONE.

  12. The DigiCert® KeyLocker lead invites additional users or service users and assigns them the DigiCert® KeyLocker signer or lead role.