Skip to main content

Admin (SS)

DigiCert​​®​​ Software Trust Manager Admin is a system scope (SS) role for users responsible for day-to-day account configuration and enabling Software Trust Manager.


System users cannot perform cryptographic actions and sign. Also see Account user permissions.


The Software Trust Manager Admin role has the following permissions assigned:



User can

User settings

View user

View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.

Account settings

Manage CertCentral API key

Delete, disable, enable, setup, update and validate a CertCentral API key.

View health

View app health (API).

Audit logs

View audit log

View audit and signature logs in the account.

Export audit logs

Export audit and signature logs in the account.


View audit log is required as an additional permission to to export audit logs.


Manage certificate hierarchy

Create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies.


View certificate permission is required as an additional permission to manage certificate hierarchy.

Manage certificate profiles

  • Create, update, enable, disable, and delete certificate profiles.

  • Update and delete certificates.


View certificate profile is required as an additional permission to manage certificate profiles.

Manage certificate profiles

  • Create, update, enable, disable, and delete certificate profiles.

  • Update and delete certificates.


View certificate profile is required as an additional permission to manage certificate profiles.

Manage certificate template

Create, update, and clone certificate templates.


View certificate template is required as an additional permission to manage certificate templates.

View certificate

View certificate details in the account.


Manage keypair

  • Update, suspend or unsuspend keypairs.

  • Create, update, enable, and disable keypair profiles.

  • Create and update user groups.

  • Create, update, and refresh key rotation.

  • Generate a CSR


View keypair is required as an additional permission to manage keypairs.

View keypair

View keypair details in the account.


View release

View releases in the account.