証明書プロファイルの作成
管理者ポータルで、DigiCert® Software Trust Manager > 証明書の管理 > 証明書プロファイル > 証明書プロファイルの作成に移動して、証明書プロファイルを作成します。
注記
To implement certificate profile controls for groups of users, review our Teams feature.
Create a certificate profile
注記
To perform this action, you must have a user role that contains the Manage certificate profile permission.
In the Software Trust menu, go to Certificates > Certificate profiles.
Select Create certificate profile.
Complete the missing fields.
Review the following table to understand how to complete these fields.
Based on your Enrollment method and Auto-renew selections, extra fields may appear (or be removed).
Select Create certificate profile.
Field | Description |
|---|---|
Certificate profile alias | Enter a descriptive name to identify this certificate profile. |
Enrollment method | Select CertCentral for public trust or CA Manager for private trust. |
Auto-renew | Select Yes if you want all certificates created using this certificate profile to automatically renew before they expire. |
Select No if you don't want any certificates created using this certificate profile to auto-renew. | |
Select Choose during certificate generation if you are unsure about auto-renewing. This option lets you decide during creation whether the certificate should auto-renew when using this profile. | |
Organization ID | For public trust, select the organization ID from CertCentral associated with the organization name you need listed on all certificates created using this profile. |
Issuing certificate authority | For private trust, select one of your private ICAs in DigiCert ONE CA Manager. |
Signature hash | For public trust, the default signature is SHA256. |
Skip approval | For public trust, select Yes to issue the certificate immediately or No to require an admin to approve the certificate in the CertCentral portal. |
Validity | For public trust, specify if the certificate should be valid for a specified number of days, 1 year, 2 years, or 3 years. |
Certificate type | For public trust, select Code Signing or EV Code Signing. |
Organizational unit | For public trust, this is an optional field where you can add a team, division, or department name that helps you manage the certificate. |
Organization | For private trust, select the organization name that should be listed on all certificates created using this profile. |
Profile category | Select Production or Test. 注記Test certificates expire after a maximum of 30 days. |
Certificate template | For private trust, select a certificate template in your Software Trust account. |
Once these fields are completed, some optional fields will become available:
Field | Description |
|---|---|
Signature algorithm | Choose the signature algorithm of the identity certificate. You can choose "match_issuer," meaning it will match the algorithm of the issuing CA, or you can choose a specific algorithm. |
Organization unit | Select an organization unit to be displayed in your certificate details. |
Validity duration unit | Can be days or years. This can be limited based on the template you use. |
Validity duration value | The number of duration units the certificates created using this profile will be valid. For example, if you enter "days" for Validity duration units and enter "7" for Validity duration value, certificates using this profile will be valid for 7 days. Again, this can be limited based on the template you use. |
Key usages: additional usages for RSA | Choose whether certificates using this profile can be used for digital signature, non-repudiation, or key encipherment. |
Key usages: additional usages for ECDSA | Choose whether certificates using this profile can be used for digital signature or non-repudiation. |
Key usages: additional usages | Choose whether certificates using this profile can be used for code signing or client authentication. |
注記
You can also set default values for these fields, which will determine the automatic settings for a certificate that uses the profile you create.
Identify a certificate profile ID
In the Software Trust menu, go to Certificates > Certificate profiles.
Select the desired certificate profile alias.
In the top menu, review the Certificate profile ID field.
Enable auto-renewal for certificates
This option allows you to manage your certificates more efficiently by automatically renewing them before they expire.
In the Software Trust menu, go to Certificates > Certificate profiles.
Select the desired certificate profile.
Select the edit (
) icon.Complete the following fields:
Field | Description |
|---|---|
Auto-renew | Select Yes if you want all certificates created using this certificate profile to automatically renew before they expire. |
Select No if you don't want any certificates created using this certificate profile to auto-renew. | |
Select Choose during certificate generation if you're unsure or want the option to choose when you create a certificate using this certificate profile. | |
Auto-renew scope | Select Apply to new certificates only to apply your selected auto-renewal settings to future certificates. |
Select Apply to new and existing certificates to apply your selected auto-renewal settings to future certificates and all existing certificates created with this profile. |