
Key rotation

Key rotation lets you set up a cycle that rotates between 2 and 10 keys and certificates. This strengthens security: the key changes automatically after a preconfigured period and after each signature, so the same key and certificate are never used to sign several times in a row.

To identify a key rotation, navigate to DigiCert ONE > DigiCert® Software Trust Manager > Keypairs and look for Rotation in the Type column.

Note

Keypairs assigned to a key rotation are not listed and cannot be managed in the Keypairs tab in Software Trust Manager.

Create a key rotation

You require the Manage keypair permission to create a key rotation.

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Keypairs > Key rotations.

  4. Select Create key rotation.

  5. Complete the following fields:

| Field | Description |
|---|---|
| Rotation name | Enter a name that easily identifies which rotation you are using. |
| Team | Select the team that should have access to this key rotation. Note: Selecting this option will limit the keypairs available for selection to keypairs that the selected team is allowed to use. This option will only be available if you have teams enabled in Account > Account settings > Teams. |
| Select keypairs | Select between 2 and 10 keypairs to cycle during the rotation. Note: Only production keypairs with a default certificate are available for selection. |
| Rotation frequency | Determine how often the keys should rotate. |
| Keypair status | Select Online to rotate keypairs that can be used to sign at any time. Select Offline to rotate keypairs that can only be used to sign during a release window. |
| Access | Select Open to allow any user within your account access to the keypair rotation. Select Restricted to limit access to the keypair rotation to specified users, user groups, or teams. |
| Allowed users | Select individual validated users that can use this key rotation. |
| Allowed user groups | Select groups of users that can use this key rotation. |

View key rotation details

The key rotation details page lists the keypair rotation ID, key rotation status, date created, keypair status, and allowed users, groups, or teams. It also provides a list of the keypairs and default certificates that are in rotation.

To view key rotation details:

  1. Select the rotation name of a key rotation to view the details of a key rotation associated with your profile. On the details page, you can review the following.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Keypairs > Key rotations.

  4. Click on the keypair rotation alias.

Rotate key

You can rotate a key rotation from Software Trust Manager or SMCTL.

Find a key rotation in the signature logs

To find signatures made with a key rotation, go to Reports > Signature logs and enter the rotation name in [Search].

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Logs > Signature logs.

  4. Identify the keypair alias column and enter the rotation alias into the filter field.