Self-service portal
With the DigiCert® Trust Lifecycle Manager self-service portal, end users can download, manage, or enroll their own certificates from their web browser.
Note
To learn how to enable the self-service portal, refer to the documentation under Set up your account. This page focuses on available self-service actions for end users once the portal is enabled.
Certificate types
The following certificate types can be accessed from the self-service portal:
Certificates issued through Trust Lifecycle Manager from a certificate profile with the Enable self-service portal option enabled and an issuing CA in DigiCert® Private CA or CertCentral.
Certificates discovered or imported into Trust Lifecycle Manager from external sources. You can use the self-service portal settings to control whether to expose these certificates to end users.
Portal types
Trust Lifecycle Manager provides two different portal types. You can enable one or both of these in the self-service portal settings:
Open portal: Does not authenticate users and only supports a limited set of self-service actions.
Authenticated portal: Authenticates users via SAML and supports more extensive self-service management actions after verifying the user's identity.
After enabling one of these portal types, the system generates a unique portal URL and QR code to share with end users who need access to it.
Get the portal URLs and QR codes
Go to your account settings to get the URLs for the open or authenticated portals or QR codes for scanning the URLs. Provide these to users so they can access the portals from their web browsers and use the self-service actions.
To get the URLs or QR codes for the self-service portal:
From the Trust Lifecycle Manager menu, go to Account > Settings > Self-service portal.
Select the tab for either the Open portal or Authenticated portal.
Copy the QR code or Portal URL to provide to users. Scanning the QR code opens the corresponding URL.
Important
If the QR code and portal URL show "—", that portal type is not enabled. For details, see Enable self-service portal access.
Available self-service actions
Users can download, manage, and enroll certificates from the self-service portal, depending on the portal type and how it's configured. The following tables list the supported actions by portal type.
Open portal
The open portal does not authenticate users and only supports the following self-service actions:
Action | Description |
---|---|
Search | Search for an existing certificate. The user must know the exact common name, email address, or serial number. |
Download | Download a certificate after a successful search or a new enrollment. |
Revocation | Request revocation of an existing certificate. The request gets sent to the email address in the certificate's Note: Enable this feature with caution, understanding the risk of being able to revoke someone else’s certificate if you have access to their email account. |
Authenticated portal
The authenticated portal verifies users' identities via SAML. Once authenticated, users can access and manage certificates that meet any of the following criteria:
Certificate matching criteria | How to search |
---|---|
Issued from a certificate profile that uses the | These certificates get automatically loaded when the user logs into the authenticated portal. They can be searched using the User ID input on the portal page. |
The certificate requester field in Trust Lifecycle Manager matches the user's SAML NameID. | Use the Email input on the portal page to search for matching certificates. |
The certificate’s | Use the Email input on the portal page to search for matching certificates. |
After displaying an accessible certificate, authenticated users can manage the certificate with the following self-service actions:
Action | Description |
---|---|
Renewal | Renew certificates that are approaching expiration and within the renewal window. |
Revocation | Permanently revoke certificates. |
Suspend/Resume | Temporarily suspend certificates or resume suspended ones. |
Key recovery | Recover certificates and keys with escrowing enabled: |
Manage certificate owners | Update the list of assigned certificate owners who receive email notifications about a certificate. |
Authenticated users can also use the following self-service actions to request new certificates:
Action | Description |
---|---|
Enrollment | Enroll new certificates from a certificate profile with the self-service portal option enabled and the following criteria: |
Pick up | Pick up a new certificate after admin approval. |
Cancel | Cancel pickup of an approved certificate request. |