Skip to main content

鍵ペアを生成する

管理者ポータルで、DigiCert​​®​​ Software Trust Manager > 鍵の管理に移動し、次に鍵ペアの生成を選択して鍵ペアを生成します。

View keypair

You require the View keypair permission to create a keypair.

You can view keypairs from Software Trust Manager or SMCTL.

Generate keypair

You require the View keypair and Generate keypair permission to create a keypair.

You can generate a keypair from Software Trust Manager or SMCTL.

Generate a certificate

You require the View keypair and Generate certificate permission to create a keypair.

You can generate a certificate from Software Trust Manager or SMCTL.

Update keypair

You require the View keypair and Manage keypair permission to update a keypair.

You can update a keypair from Software Trust Manager or SMCTL.

Identify keypair alias

Retrieve the keypair alias via DigiCert​​®​​ Software Trust Manager or Signing Manager Controller (SMCTL).

Identify keypair ID

You can retrieve the keypair ID from Software Trust Manager or SMCTL.

Download public key

You can download the public key for your certificate from Software Trust Manager or SMCTL.

Specify a default certificate for a keypair

You can set the default certificate for a keypair from Software Trust Manager or SMCTL.

CSRを生成する

If the Generate CSR option is not visible in your account, CSR generation may be disabled on your account.

注記

If your account is hosted by DigiCert, contact your account manager to enable CSR generation.

If your account is self-hosted, your DigiCert ONE system administrator can enable CSR generation by following the steps below.

To enable CSR generation:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu (top right) > Software Trust.

  3. Select Account > Account settings.

  4. Click the edit icon next to System.

  5. Check the box next to CSR generation API/UI.

  6. Click Update settings.

[en] Generate a CSR using the DigiCert​​®​​ Software Trust Manager UI

  1. [en] Select the Keypairs tab.

  2. Navigate to the Manager menu (top right) > Software Trust.

  3. Select Keypairs.

  4. [en] Hover over the keypair alias you want to use to generate the CSR.

  5. [en] Select the menu icon that appears while hovering.

  6. Select the more actions (⁝) icon.

  7. [en] Select Generate CSR.

  8. The following information will be displayed and cannot be changed:

    Field

    Description

    Keypair alias

    Displays the name of the keypair used to generate the CSR.

    Algorithm type

    This field displays the algorithm associated with the keypair used to generate the CSR.

    Key size/curve

    This field displays the length, in bits, of the cryptographic keys used in the algorithm.

  9. Complete the following fields:

    Field

    Description

    Organization

    Select the organization name associated with this CSR from the drop-down menu. This is an optional field.

    Email

    Provide an email address associated with this CSR. This is an optional field.

    Organizational Unit (OU)

    Provide an organizational unit, often a department or team name associated with this CSR. Use a comma to list multiple OUs. This is an optional field.

  10. Select Generate CSR.

  11. Select one of the following options:

    1. Select the copy icon next to CSR to copy the CSR in plaintext.

    2. Select Download CSR to download the CSR as a file.

Refresh dynamic key

You can refresh a dynamic key from Software Trust Manager or SMCTL.

Rotate key

You can rotate a key rotation from Software Trust Manager or SMCTL.

Import code signing certificate

You require the Import certificate permission to import a code signing certificate.

You can import a code signing certificate from Software Trust Manager or SMCTL.

Import keypair

You require the Import keypair permission to import a certificate.

You can import a keypair from Software Trust Manager or SMCTL.

注記

You may encounter an error if you attempt to import an ECDSA keypair generated in OpenSSL because these keys are in PKCS1 format.

To bypass this error use one of the following workarounds:

  • Add a passcode to the keypair and provide the passcode when importing the keypair into Software Trust Manager.

  • Convert the PKCS1 keypair to PKCS8 using the command:

    openssl pkey -in myecdsakey.pem -out pkey-ecdsa.pem

Delete keypair

You require the Approve keypair delete permission to delete a keypair.

To delete a keypair:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Keypairs.

  4. Hover over keypair alias until the icon appears.

  5. Select the icon.

  6. Select Delete.

Errors and solutions

The following error may occur while importing a certificate.

Error parsing Json object

Error message:

Error parsing Json object. Check is Json object is correct. Json parse error. Unexpected or missing a character.

Description

This error may occur in the following scenarios:

  • Certificate import failed because the entire certificate chain was uploaded during import,

  • The file type you specified during import does not match the certificate type you uploaded.

Solution

  • Root and ICA certificates should be uploaded as Trust anchor certificates.

  • Ensure that the file type you selected during the upload is the same certificate type as the one you uploaded.