Skip to main content

Create a CMP profile

The CMP profile generates the URL required to connect your CMP client to DigiCert® Private CA. It also binds incoming requests to a specific issuing CA, certificate template, authentication method, and lifecycle rules.

중요

Make sure you have an end entity certificate template in DigiCert Private CA that fits your certificate requirements before you start creating a profile.

To create a CMP profile in DigiCert Private CA:

  1. In the main menu, select Profiles.

  2. Select Create profile.

  3. Select CMP under Protocols.

  4. Enter a Profile name.

  5. [Optional] Add a Description for your profile.

  6. Select the Protocol version you prefer, from the available options.

  7. In Issuer CA, select the private intermediate certificate authority that you use for your certificate requests.

  8. Select a Certificate template ID. You can only use one template in a profile. Create multiple profiles for different templates or certificate settings.

  9. Select the Certificate validity details, like how many days, months, or years the issued certificates are valid for.

  10. Enter a value in days for your preferred Renewal window. Your private CA rejects any renewal requests outside this window.

  11. Select your Authentication method. You also need to set up this method in your certificate requesting client or registration authority.

  12. Select the Signature algorithm allowed by the profile.

  13. Select Submit.

Your CMP profile is saved.

Select Profiles in the main menu to see your saved profiles.

CMP URL

When you're ready to set up your CMP client, go to the CMP profile in DigiCert Private CA and copy the URL.

CMP URLs are structured as follows:

https://<your-ca-domain>/certificate-authority/api/v1/cmp/<ProfileID>

Where:

  • https://<your-ca-domain> is the base domain of your DigiCert Private CA instance.

  • /certificate-authority/api/v1/cmp/ is the standard path used by DigiCert Private CA for CMP protocol communication. It identifies that the request is for a CA-managed CMP endpoint.

  • <profile ID> is the unique identifier of the CMP issuance profile. Each profile you create in DigiCert Private CA gets its own automatically generated ID. This profile determines which CA, certificate template, and issuance policy the request follows.

이 섹션의 내용: