Get started

DigiCert® Software Trust Manager allows you to sign code quickly and easily with certificate profiles and private keys. Before you can start signing, you must sign in, configure clients for your operating system, create a certificate profile, a keypair, and a certificate.

Create login credentials

To use the client tools and connect to DigiCert® Software Trust Manager for operations, you must have access to DigiCert® Software Trust Manager on DigiCert ONE. If you do not have this, contact an administrator for DigiCert ONE and request that they create a sign-in for you. You need to create your username (or use your email), a secure password, and set up two-factor authentication.

Install the clients

To install the clients:

Navigate to DigiCert ONE > DigiCert® Software Trust Manager > Resources > Client tool repository.
On Windows, download DigiCert® Software Trust Manager Clients Installer.
On Linux, download DigiCert® Software Trust Manager Linux Clients.
On Apple, download the individual DigiCert® Software Trust Manager clients for Apple.

注記

You can install clients individually. The package installers available for Windows and Linux allow you to download multiple clients that you may need to sign.

Create environment credentials

Two-factor authentication (2FA) is required to perform specific actions, like signing.

API key

An API key is a unique identifier generated by the server to authenticate a user or calling program to an API. The API key acts as the first factor of authentication when connecting to DigiCert® Software Trust Manager client tools.

注記

The permissions for the API token are based upon your user permissions set in DigiCert® Software Trust Manager.

To create an API key:

Sign in to DigiCert ONE.
Navigate to the Profile icon > Admin Profile > API tokens.
Select Create API token.

Client authentication certificate

A client authentication certificate is a X.509 digital certificate with a unique password that is generated by the server to authenticate a user or calling program to an API. The client authentication certificate acts as the second factor of authentication when connecting to DigiCert® Software Trust Manager client tools .

注記

The permissions for the client authentication certificate are based upon your user permissions set in DigiCert® Software Trust Manager.

To generate a client certificate:

Sign in to DigiCert ONE.
Navigate to the Profile icon > Admin Profile > Authentication Certificates.
Select Create authentication certificate.

Set up environment variables

Set up the environment variables to connect to DigiCert® Software Trust Manager:

Move the downloaded SMCTL client to the location where it can be referred from System's PATH environment variable.
Run the SMCTL client.

Identify your host environment:

表 1. Host options

Country	Host type	SM_HOST value
United States of America (USA)	Demo	https://clientauth.demo.one.digicert.com
United States of America (USA)	Production	https://clientauth.one.digicert.com
Switzerland (CH)	Demo	https://clientauth.demo.one.ch.digicert.com
Switzerland (CH)	Production	https://clientauth.one.ch.digicert.com
Japan (JP)	Demo	https://clientauth.demo.one.digicert.co.jp
Japan (JP)	Production	https://clientauth.one.digicert.co.jp
Netherlands (NL)	Demo	https://clientauth.demo.one.nl.digicert.com
Netherlands (NL)	Production	https://clientauth.one.nl.digicert.com

To configure environment variables, run:
例 1. Windows
There are three methods for configuring environment variables. Configuring secure credentials is recommended.
Configure secure credentials (recommended)
Instructions to configure secure credentials for Windows.
Configure temporary environment variables
```
set SM_API_KEY=<API key> 
set SM_HOST=<host URL>
set SM_CLIENT_CERT_FILE=<P12 client authentication certificate file path>
set SM_CLIENT_CERT_PASSWORD=<P12 client authentication certificate password>
```
注記
This method requires you to set these environment variables every time you open a new command line session.
Persistent variables
Setting your environment variables as system variables, is a once off action. You will not be required to set your environment variables every time you open a command line session.
To set persistent variables:
Search for environment variables in the Windows start menu.
Select Edit for either system or user account environment variables.
Select New.
Add the variable name and value for each of the DigiCert® Software Trust Manager environment variables.
Click on OK to close the dialog.
例 2. Linux
There are three methods for configuring environment variables. Configuring secure credentials is recommended.
Configure secure credentials (recommended)
Instructions to configure secure credentials for Linux.
Configure temporary environment variables
```
export SM_API_KEY=<API key> 
export SM_HOST=<host URL>
export SM_CLIENT_CERT_FILE=<P12 client authentication certificate file path>
export SM_CLIENT_CERT_PASSWORD=<P12 client authentication certificate password>
```
Set persistent variables
Setting your environment variables as system variables, is a once off action. You will not be required to set your environment variables every time you open a command line session.
To set persistent variables:
Launch the Terminal application.
Open the file in an editor:
nano ~/.profile
Add any exports definitions you need:
export SM_API_KEY= <API key> export SM_HOST=https:<host URL> export SM_CLIENT_CERT_FILE=<P12 client authentication certificate file path> export SM_CLIENT_CERT_PASSWORD=<P12 client authentication certificate password>
Click CTRL+X to exit.
Click Y to save.
Click Enter to keep the same file name.
Execute the new .profile by restarting Terminal or using:
source ~/.profile
例 3. macOS
There are three methods for configuring environment variables. Configuring secure credentials is recommended.
Configure secure credentials
Instructions to configure secure credentials for macOS (recommended)
Configure temporary environment variables
```
export SM_API_KEY= <API key>
export SM_HOST=https:<host URL>
export SM_CLIENT_CERT_FILE=<P12 client authentication certificate file path>
export SM_CLIENT_CERT_PASSWORD=<P12 client authentication certificate password>
```
注記
This method requires you to set these environment variables every time you open a new command line session.
Set persistent variables
Setting your environment variables as system variables, is a once off action. You will not be required to set your environment variables every time you open a command line session.
To set persistent variables:
Launch the Terminal application.
Create a profile file:
touch ~/.zprofile
Open the file in an editor:
open ~/.zprofile
Add any exports definitions you need, such as:
export SM_API_KEY= <API key> export SM_HOST=https:<host URL> export SM_CLIENT_CERT_FILE=<P12 client authentication certificate file path> export SM_CLIENT_CERT_PASSWORD=<P12 client authentication certificate password>
Execute the new .zprofile by restarting Terminal or using:
source ~/.zprofile

注記

Click on one of these links for help creating an API key or client authentication certificate.

Create a certificate profile

Certificate profiles simplify certificate generation by preconfiguring values for all certificate options.

To create a certificate profile:

Navigate to DigiCert ONE > DigiCert® Software Trust Manager > Certificates > Certificate profiles.
Select Create certificate profile.

Create a keypair profile (optional)

Keypair profiles simplify keypair generation by preconfiguring values for all keypair options.

To create a keypair profile:

Navigate to DigiCert ONE > DigiCert® Software Trust Manager > Keypairs > Keypair profiles.
Select Create keypair profile.

注記

Enable keypair profiles on your account to use this feature.

Create users

The administrator of DigiCert® Software Trust Manager can create two types of users: Admin and system users.

Admin users have access to the DigiCert® Software Trust Manager UI and clients.

Service users do not have access to the DigiCert® Software Trust Manager UI but can sign using the clients.

To create an admin user:

Navigate to DigiCert ONE > Account Manager > Access > Users.
Select Create user.

To create a service user:

Navigate to DigiCert ONE > Account Manager > Access > Service user
Select Create service user.

Create a team (optional)

Select users, groups, or both to form a team and then map relevant resources to them. You can restrict team resources such as keypairs, releases, and enforce keypair profiles and certificate profiles.

To create a team:

Navigate to DigiCert ONE > DigiCert® Software Trust Manager > Account > Teams.
Select Create.

注記

Enable teams on your account to use this feature.

Create a keypair

DigiCert® Software Trust Manager supports two keypair types: standard and GPG.

A standard keypair refers to a public key and an associated private key. The private key encrypts data that can only be decrypted by its associated private key, thereby establishing an encrypted connection.

GPG keys are different from standard keypairs because each GPG key includes a master key and associated subkeys. We recommend that the master key only be used for creating subkeys and the subkeys be used for signing. In the event that a subkey is compromised, this will allow you to revoke and replace the affected subkey, while the master key and uncompromised subkeys remain secure.

To create a standard keypair:

Navigate to DigiCert ONE > DigiCert® Software Trust Manager > Keypairs.
Select Create keypair.
注記
You can create a certificate at the same time as generating a keypair, if you check the box next to Generate certificate.

Create a certificate

To create a certificate:

Navigate to DigiCert ONE > DigiCert® Software Trust Manager > Keypairs.
Hover over the keypair you want to use to create the certificate until the menu icon appears.
Select Generate certificate.

Create a release

Releases protect keys by restricting their use to pre-approved dates and times. The pre-approved date and time selected for a release is referred to as a release window. Within a release window, organizations can control which keypairs can be used, who can use them, and the maximum number of signatures that can be used during the release.

To create a software release:

Navigate to DigiCert ONE > DigiCert® Software Trust Manager > Releases.
Select Create release.

Conclusion

You are now able to useDigiCert® Software Trust Manager to sign.

For a list of signing tools supported by DigiCert® Software Trust Manager refer to our documentation.

To automate signing as part of your Continuous Integration/Continuous Development (CI/CD) workflows, refer to CI/CD integrations.

注記

You can set any proxies you need and verify the connection.

Proxy instructions differ depending on which operating system you use, see: Windows, Linux, or Apple.Windowsの設定Linuxの設定Appleの設定

このセクションの内容: