Skip to main content

클라이언트 인증서 주문

중요

DigiCert's publicly trusted S/MIME-related client certificates (Premium, Email Security Plus, Digital Signature Plus, and Client 1 S/MIME) are compliant with the new Baseline Requirements for the Issuance and Management of Publicly‐Trusted S/MIME Certificates.

However, DigiCert recommends moving to our new Secure Email S/MIME certificate products at your earliest convenience: Secure Email for Individual, Secure Email for Business, and Secure Email for Organization.

시작하기 전에

조직 정책에서 클라이언트 인증서 주문과 함께 CSR(인증서 서명 요청)을 포함하도록 요구하는 경우 CSR을 만듭니다. CSR(인증서 서명 요청) 만들기 방법에 대해 알아보십시오.

조직 정책에서 클라이언트 인증서 주문과 함께 CSR(인증서 서명 요청)을 포함하도록 요구하는 경우 CSR을 만듭니다. CSR(인증서 서명 요청) 만들기 방법에 대해 알아보십시오.

  • Provide a CSR now.

    You can only add a CSR when you place your request. After submitting your order, you cannot add or update a CSR.

    Client certificates support the following algorithms and key lengths:

    • RSA 2048, 3072, and 4096

    • ECC p-256 and p-384

    We only use the public key embedded in the CSR to create your certificate. All other fields in the CSR are ignored. Learn how to Create a CSR (Certificate Signing Request).

  • Provide a CSR later.

    After DigiCert processes your order and you complete the necessary email address validation, we send instructions to the email recipient for generating the CSR and certificate in their browser.

    For browser-generated certificates, we use an RSA algorithm, SHA256 signature hash, and a 2048-bit key length CSR. Learn how to Generate your client certificate using DigiCert's KeyGen tool.

Organization validation

Before we can issue a client certificate to an employee or company representative, DigiCert must validate the organization for SMIME – SMIME Organization Validation. Organization validation is valid for 825 days. See How we validate your organization.

Use one of the following options to validate your organization:

  • Prevalidate the organization

    CertCentral features an organization prevalidation process that allows you to validate your organization before ordering certificates. Completing the organization validation ahead of time allows for quicker certificate issuance. See Submit an organization for prevalidation.

  • Validate the organization as part of the order process

    If you add a new organization or an organization with expired S/MIME validation, DigiCert will complete the S/MIME organization validation as part of the order process.

Email address domain requirement

Before DigiCert can issue your client certificate, you must demonstrate control over the domains in the email addresses on the certificate order. In other words, if you add john.doe@example.com, you must complete the domain control validation (DCV) for the email address domain example.com.

중요

Industry standards prevent Certificate Authorities (CAs), such as DigiCert, from issuing a secure email-type certificate until domain control validation is completed for the email address on the certificate.

Use one of the following domain validation options to demonstrate control over the email address domain:

  • Prevalidate the domain

    CertCentral features a domain prevalidation process that allows you to validate your domains before ordering certificates. See Domain prevalidation: Domain control validation (DCV) methods.

    Completing the domain validation ahead of time allows for quicker certificate issuance. You can also use any supported DCV method to complete the domain validation: Email, DNS CNAME, DNS TXT, and HTTP Practical Demonstration.

  • Validate the domain as part of the order process

    If you add an email address with a new domain or a domain with expired validation, you can complete the domain validation as part of the order process.

    When ordering a client certificate, you must use the Email DCV method to demonstrate control over the "unvalidated" email address domains on the order. Currently, this is the only supported DCV method for completing the domain validation during the order process.

    To validate the email domain, an email recipient follows the instructions in a confirmation email sent for the domain. The confirmation process consists of visiting the link provided and following the instructions on the page.

Organization attestation requirement

By adding a recipient name, your organization attests the individual is a valid employee or company representative and is included in official company registries. In other words, your organization is the registration authority for the individuals ordering these certificates. DigiCert only validates your organization, not the individuals.

클라이언트 인증서 주문

  1. 사이드바 메뉴에서 인증서 요청을 가리킵니다. 그 다음, 클라이언트 인증서 아래에서 주문하려는 클라이언트 인증서를 선택합니다.

  2. 클라이언트 인증서 요청 페이지의 인증서 설정 아래에서 인증서 세부 정보를 제공합니다.

    1. 조직

      드롭다운에서 클라이언트 인증서를 요청하는 조직을 선택합니다. 미리 유효성을 검사하나 조직만 드롭다운에 나타납니다. 원하는 조직을 찾을 수 없는 경우, 관리자에게 문의하십시오.

      참고: 조직 이름은 클라이언트 인증서에 표시됩니다.

    2. 서명 해시

      드롭다운에서 서명 해시를 선택합니다.

    3. 유효 기간

      인증서에 대한 유효 기간 1년, 2년, 3년, 사용자 지정 만료 날짜 또는 사용자 지정 기간입니다.

  3. 주문 옵션 아래의 자동 갱신 드롭다운에서 인증서의 자동 갱신 주기를 선택합니다.

    주문 옵션 아래의 자동 갱신 드롭다운에서 인증서의 자동 갱신 주기를 선택합니다.

  4. 요청할 인증서 아래에서, 수신자 세부 정보를 입력합니다.

    요청할 인증서 아래에서, 수신자 세부 정보를 입력합니다.

    1. 수신자 이름(일반 이름)

      1. Select Email.

      2. Under Recipient email, enter the address you want to secure and use for the common name on the certificate.

    2. 수신자 이메일

      1. Select Name.

      2. Under Recipient name (Common name), enter the recipient's name.

      3. Under Recipient email, enter the address you want the certificate to secure.

    중요

    Only include email addresses with domains owned/controlled by your organization.

    • To include email addresses from public email service providers such as Gmail, Outlook, Yahoo, Hotmail, MSN, etc., order a Secure Email for Individual certificate.

    • To include an email address from a public email service provider you control, you must prevalidate the email address domain.

  5. 인증서를 주문하기 위해 CSR을 사용하는 경우, 수신자 CSR 상자에 CSR을 업로드하거나 붙여 넣습니다.

    You can add your CSR now or generate it in your browser after DigiCert processes your order, and we are ready to issue it.

    1. Generate CSR in the browser

      To generate the CSR and your certificate via the browser, select Generate CSR in the browser. For this option, we send instructions to the email recipient for using the DigiCert KeyGen tool to generate the CSR and certificate in their browser.

    2. Add CSR

      To include a CSR with your request, select I have my CSR. Upload or paste your CSR in the box.

      중요

      Your CSR must include the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags.

  6. 추가로 클라이언트 인증서 수신자를 추가하려면 다른 인증서 추가 링크를 클릭하고 수신자의 수신자 세부 정보를 입력합니다.

    Additional emails (optional)

    Enter the email addresses (comma separated) for the people you want to receive the certificate notification emails with information such as certificate issuance and certificate renewals.

    추가로 클라이언트 인증서 수신자를 추가하려면 다른 인증서 추가 링크를 클릭하고 수신자의 수신자 세부 정보를 입력합니다.

  7. 결제 방법 선택

    결제 정보 아래에서 인증서를 지불하는 결제 방법을 선택합니다.

    1. 신용 카드로 결제

      계약이 되어 있지 않거나, 이 인증서에 대해서는 계약을 사용하지 않겠습니까? 신용 카드를 사용하여 인증서에 대해 결제합니다.

      참고: 요청을 받은 후에 카드를 승인합니다. 그렇지만 인증서를 발급한 후에만 트랜잭션을 완료합니다.

    2. 계약 조건으로 결제

      계약이 되어 있으며 계약을 사용하여 인증서에 대해 결제하시겠습니까? 계약을 사용하여 결제합니다.

      참고: 계약이 있는 경우, 계약이 기본 결제 방법입니다.

    3. 계정 잔액으로 결제

      계약이 되어 있지 않거나, 이 인증서에 대해서는 계약을 사용하지 않겠습니까? 비용을 계정 잔액에 청구합니다.

      금액을 입금하려면 입금 링크를 클릭하십시오.

      Note: Selecting the Deposit link takes you to another page inside your CertCentral account. Any information entered in the request form will not be saved.

  8. 인증서 서비스 계약

    계약을 읽은 후에 위의 인증서 서비스 계약에 동의합니다를 선택합니다.

  9. 인증서 요청 제출을 클릭합니다.

    By selecting Submit Request, you agree to the Master Service Agreement.

다음 단계

Before we can issue your certificate, these tasks must be completed:

  1. Demonstrate control over the domains on your order

    Complete the domain validation for the email address domains on the order (demonstrate control over the domain).

  2. Complete organization validation

    DigiCert must validate and authenticate your authority to order a certificate for the organization on your certificate order. To do this, we will call a verified phone number to speak with someone who represents you, the certificate requestor, such as the organization or technical contact.

    To get organization consent for your certificate order:

    1. Answer the organization/validation phone call (preferred method)*

      1. After you submit your certificate order, ensure that the organization contact, technical contact, and company receptionist know you’ve ordered a DigiCert client certificate.

      2.  Let them know DigiCert will call a verified phone number to speak with one of them to complete organization validation/authentication.

      3. This phone call usually takes place within 24 hours of the order being placed.

    2. Respond to the organization consent message

      1. If the DigiCert validation agent can’t reach someone who represents you at the verified phone number, they will leave a message with a call-back phone number and a verification code.

      2. Make sure that the organization or technical contact responds to the message and provides the verification code.

Getting your client certificate

  • Generate CSR in the browser

    After all email addresses are validated, a link will be sent to the first email address on the list so the recipient can generate the CSR and client certificate via the browser. See Generate your client certificate.

  • Included a CSR with your request

    If you submitted a CSR with your request, the client certificate will be attached to the "client certificate issued" email. You can also download a copy from your account.