鍵ペアを生成する
管理者ポータルで、DigiCert® Software Trust Manager > 鍵の管理に移動し、次に鍵ペアの生成を選択して鍵ペアを生成します。
View keypair
You require the View keypair
permission to create a keypair.
You can view keypairs from Software Trust Manager or SMCTL.
Generate keypair
You require the View keypair
and Generate keypair
permission to create a keypair.
You can generate a keypair from Software Trust Manager or SMCTL.
Generate a certificate
You require the View keypair
and Generate certificate
permission to create a keypair.
You can generate a certificate from Software Trust Manager or SMCTL.
Update keypair
You require the View keypair
and Manage keypair
permission to update a keypair.
You can update a keypair from Software Trust Manager or SMCTL.
Identify keypair alias
Retrieve the keypair alias via DigiCert® Software Trust Manager or Signing Manager Controller (SMCTL).
Identify keypair ID
You can retrieve the keypair ID from Software Trust Manager or SMCTL.
Download public key
You can download the public key for your certificate from Software Trust Manager or SMCTL.
Specify a default certificate for a keypair
You can set the default certificate for a keypair from Software Trust Manager or SMCTL.
CSRを生成する
If the Generate CSR option is not visible in your account, CSR generation may be disabled on your account.
注記
If your account is hosted by DigiCert, contact your account manager to enable CSR generation.
If your account is self-hosted, your DigiCert ONE system administrator can enable CSR generation by following the steps below.
To enable CSR generation:
Sign in to DigiCert ONE.
Navigate to the Manager menu (top right) > Software Trust.
Select Account > Account settings.
Click the edit icon next to System.
Check the box next to CSR generation API/UI.
Click Update settings.
[en] Generate a CSR using the DigiCert® Software Trust Manager UI
[en] Select the Keypairs tab.
Navigate to the Manager menu (top right) > Software Trust.
Select Keypairs.
[en] Hover over the keypair alias you want to use to generate the CSR.
[en] Select the menu icon that appears while hovering.
Select the more actions (⁝) icon.
[en] Select Generate CSR.
The following information will be displayed and cannot be changed:
Field
Description
Keypair alias
Displays the name of the keypair used to generate the CSR.
Algorithm type
This field displays the algorithm associated with the keypair used to generate the CSR.
Key size/curve
This field displays the length, in bits, of the cryptographic keys used in the algorithm.
Complete the following fields:
Field
Description
Organization
Select the organization name associated with this CSR from the drop-down menu. This is an optional field.
Email
Provide an email address associated with this CSR. This is an optional field.
Organizational Unit (OU)
Provide an organizational unit, often a department or team name associated with this CSR. Use a comma to list multiple OUs. This is an optional field.
Select Generate CSR.
Select one of the following options:
Select the copy icon next to CSR to copy the CSR in plaintext.
Select Download CSR to download the CSR as a file.
Refresh dynamic key
You can refresh a dynamic key from Software Trust Manager or SMCTL.
Rotate key
You can rotate a key rotation from Software Trust Manager or SMCTL.
Import code signing certificate
You require the Import certificate
permission to import a code signing certificate.
You can import a code signing certificate from Software Trust Manager or SMCTL.
Import keypair
You require the Import keypair
permission to import a certificate.
You can import a keypair from Software Trust Manager or SMCTL.
注記
You may encounter an error if you attempt to import an ECDSA keypair generated in OpenSSL because these keys are in PKCS1 format.
To bypass this error use one of the following workarounds:
Add a passcode to the keypair and provide the passcode when importing the keypair into Software Trust Manager.
Convert the PKCS1 keypair to PKCS8 using the command:
openssl pkey -in myecdsakey.pem -out pkey-ecdsa.pem
Delete keypair
You require the Approve keypair delete
permission to delete a keypair.
To delete a keypair:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Keypairs.
Hover over keypair alias until the ⁝ icon appears.
Select the ⁝ icon.
Select Delete.
Errors and solutions
The following error may occur while importing a certificate.
Error parsing Json object
Error message:
Error parsing Json object. Check is Json object is correct. Json parse error. Unexpected or missing a character.
Description
This error may occur in the following scenarios:
Certificate import failed because the entire certificate chain was uploaded during import,
The file type you specified during import does not match the certificate type you uploaded.
Solution
Root and ICA certificates should be uploaded as Trust anchor certificates.
Ensure that the file type you selected during the upload is the same certificate type as the one you uploaded.