
Use the MCP server to connect third-party AI tools

The Model Context Protocol (MCP) server for DigiCert® Trust Lifecycle Manager acts as a bridge between AI models and DigiCert. The MCP server includes a curated set of Trust Lifecycle Manager APIs, enabling use of natural language to query and manage your account data in a secure, permissioned manner.

For example, by connecting to the MCP server from an IDE environment like VS Code, you can use the IDE's integrated AI tools to list certificates, check certificate status, or perform basic metadata management actions for your Trust Lifecycle Manager account.

Important

To ensure that only approved actions can be performed, the MCP server controls which specific API endpoints are available and requires authentication using an API key with permission to access those endpoints.

Before you begin

  • The MCP server is only available for customers in the United States using the DigiCert® ONE production environment (one.digicert.com).

  • The URL for the MCP server is https://mcp.digicert.com/trust-lifecycle-manager.

  • To authenticate to the MCP server, you need an API key for a user or service user in DigiCert ONE with access to Trust Lifecycle Manager and the following user roles (or equivalent permissions) at minimum:

    • View only: To use the read-only inventory analysis functions.

    • Certificate owners manager: To manage certificate owners through the MCP server.

    • User and certificate manager: To assign certificate tags through the MCP server. The only individual permission that's required is Manage Certificates.

Best practices for using the MCP server

Follow these tips to get the best results from the MCP server:

  • When querying multiple sources, tag your prompts with "TLM" to help identify the correct MCP server.

  • To query a specific API endpoint, the API key used for authentication must be for a user or service user with permission to access that endpoint.

  • To query and manage inventory metadata, include your Trust Lifecycle Manager account ID (UUID) in the initial prompt of each chat session.

  • For endpoints that require parameters beyond the account ID, provide the additional UUID and parameter values within each prompt.

MCP server capabilities

The MCP server supports the following capabilities for analyzing and managing the data in your Trust Lifecycle Manager account.

Use semantic search to find on-demand information about Trust Lifecycle Manager features.

Example prompts:

  • What connectors are available for TLM

  • TLM: How are certificate owners used

Find information about seat usage in your account.

Example prompts:

  • How many user seats in my TLM account

  • How many seats in my TLM account are inactive

Search for certificates that match the criteria you specify.

Example prompts:

  • Give me certs expiring in the next month

  • How many certs issued for the example.com domain

Get information about and manage certificate owners and tags.

Example prompts:

  • Get certificate owner details for ID 5bcd1822-cc14-4563-a565-607a6385c3f2

  • Update certificate owner ID 5bcd1822-cc14-4563-a565-607a6385c3f2 to have email sre.admin@example.com

  • For certs issued in January 2025, add tag: january-mcp

API endpoints

The MCP server interacts with the following public API endpoints for Trust Lifecycle Manager.

The following endpoints provide read-only access to data in your Trust Lifecycle Manager account.

| API endpoint | Description | Required parameters |
| --- | --- | --- |
| GET /mpki/api/v1/certificate-search | List details about certificates in your inventory. | |
| GET /mpki/api/v1/certificate-owners | Get information about certificate owners in your account by ID. | Account ID; Certificate owner ID to query |
| GET /mpki/api/v1/seat | Get a list of seat records in your account. | |
| GET /mpki/api/v1/seat-types | Get information about available seat types. | |

The following endpoints support management of certificate metadata in your Trust Lifecycle Manager account.

| API endpoint | Description | Required parameters |
| --- | --- | --- |
| POST /mpki/api/v1/certificate/tag/bulk-add | Add tags to one or more certificates by ID. | Account ID; Certificate IDs to tag; Tags to add to the certificates |
| PUT /mpki/api/v1/certificate-owners/{certificate_owner_id} | Update certificate owner details by ID. The new email address for the owner contact is always required. To update the owner's name, provide the new first and/or last name in your prompt as well. | Account ID; Certificate owner ID to update; New email address for the owner contact |

IDE configuration examples

Follow these instructions to configure your IDE environment to include the MCP server for Trust Lifecycle Manager. After adding the MCP server, you can use the IDE's integrated AI chatbot to query your inventory data.

Important

For additional details and the most current MCP configuration steps, refer to the official documentation for your IDE platform.

  1. From the menu bar, select View > Command Palette.

  2. In the Command Palette, search for MCP: Add Server and select it.

  3. When prompted to choose a transport type, select HTTP.

  4. Enter the following server URL, then press Enter: https://mcp.digicert.com/trust-lifecycle-manager

  5. Enter a name for the MCP server, for example: TLM-MCP-server

  6. If prompted, select the scope for MCP server availability:

    • Global: The MCP server is available in all workspaces.

    • Workspace: The MCP server is available only in the selected workspace.

  7. In the generated mcp.json file, add your API key as a request header. The updated file should look something like this:

    {
      "servers": {
        "TLM-MCP-server": {
          "url": "https://mcp.digicert.com/trust-lifecycle-manager",
          "type": "http",
          "headers": {
            "x-api-key": "{api-key-placeholder}"
          }
        }
      },
      "inputs": []
    }

    Note: Replace {api-key-placeholder} with your actual API key.

  8. Save the mcp.json file.

  9. Open the settings (gear) menu next to the MCP server name and select Start Server.

  10. To verify availability of the MCP server, open the Command Palette again and run MCP: List Servers.

  1. From the menu bar, select View > Command Palette.

  2. In the Command Palette, select View: Open MCP Settings.

  3. Select the Add Custom MCP button.

  4. Replace the existing JSON configuration with the following:

     
    {
      "mcpServers": {
        "TLM-MCP-server": {
          "url": "https://mcp.digicert.com/trust-lifecycle-manager",
          "transport": "sse",
          "headers": {
            "x-api-key": "{api-key-placeholder}"
          }
        }
      }
    }

    Note:

    • Adjust the name TLM-MCP-server as needed.

    • Replace {api-key-placeholder} with your actual API key.

  5. Open the MCP settings again from the Command Palette and verify that the MCP server is listed and the toggle switch is enabled.
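Both configuration files above hold the API key in plain text, so a copy of the file that lands in a shared workspace or repository exposes the key. The following check is an added example, not DigiCert's code: it audits an MCP configuration in either layout shown on this page for a literal key in a secret-bearing header and for a server URL that is not HTTPS on mcp.digicert.com. The `${input:...}` and `${env:...}` indirection forms and the `promptString` entry under `inputs` are assumptions about the IDE's configuration syntax, and the sample key is constructed.

```python
import json
import re
from urllib.parse import urlsplit

EXPECTED_HOST = "mcp.digicert.com"  # host of the server URL given on this page
SECRET_HEADERS = {"x-api-key", "authorization"}
# Values resolved at start-up instead of stored in the file (assumed IDE syntax).
INDIRECT = re.compile(r"^\$\{(input|env):[^}]+\}$")
# The unreplaced template value from the page is not a secret.
PLACEHOLDER = re.compile(r"^\{[^}]*placeholder[^}]*\}$")


def audit_mcp_config(text):
    """Return a sorted list of (server_name, finding) for one MCP config file."""
    doc = json.loads(text)
    findings = []
    # The page shows two layouts: top-level "servers" and top-level "mcpServers".
    servers = {**doc.get("servers", {}), **doc.get("mcpServers", {})}
    for name, cfg in servers.items():
        url = urlsplit(cfg.get("url", ""))
        if url.scheme != "https":
            findings.append((name, "url is not https"))
        if url.hostname != EXPECTED_HOST:
            findings.append((name, f"unexpected host {url.hostname!r}"))
        for header, value in cfg.get("headers", {}).items():
            if header.lower() not in SECRET_HEADERS:
                continue
            if INDIRECT.match(str(value)) or PLACEHOLDER.match(str(value)):
                continue
            findings.append((name, f"literal secret in header {header!r}"))
    return sorted(findings)


# Constructed samples: a key pasted into the file, and one prompted for at start-up.
HARDCODED = """{"servers": {"TLM-MCP-server": {
  "url": "https://mcp.digicert.com/trust-lifecycle-manager", "type": "http",
  "headers": {"x-api-key": "CONSTRUCTED-KEY-0000"}}}, "inputs": []}"""

PROMPTED = """{"servers": {"TLM-MCP-server": {
  "url": "https://mcp.digicert.com/trust-lifecycle-manager", "type": "http",
  "headers": {"x-api-key": "${input:tlm-api-key}"}}},
  "inputs": [{"type": "promptString", "id": "tlm-api-key",
              "description": "TLM API key", "password": true}]}"""

if __name__ == "__main__":
    for label, sample in (("hardcoded", HARDCODED), ("prompted", PROMPTED)):
        print(label, audit_mcp_config(sample))
```

Run it over configuration files before they are committed; an empty list means no literal key and the expected HTTPS endpoint.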