DigiCert On-prem CA

Add a DigiCert On-prem CA connector to use DigiCert® Trust Lifecycle Manager to issue, import, and revoke private certificates from a DigiCert On-premises Private CA server.

Before you begin

On-prem CA prerequisites

  • DigiCert On-premises Private CA server installed and configured on your network. To learn more, see On-premise DigiCert® Private CA.

  • You need the URL used to access and issue certificates from the DigiCert On-prem CA.

  • You need an API key for your On-prem CA account for a user with the Issuer role.

Trust Lifecycle Manager prerequisites

  • The DigiCert On-prem CA feature must be enabled for your account. Contact your DigiCert account representative to verify or enable this feature.

  • You need an active DigiCert sensor on your network that can connect to the URL for the DigiCert On-prem CA. To learn more, see Deploy and manage sensors.

Add On-prem CA connector

  1. From the Trust Lifecycle Manager main menu, select Integrations > Connectors.

  2. Select the Add connector button.

  3. In the Certificate authorities section, select the option for DigiCert On-prem CA.

    Complete the form as described in the following steps.

  4. Configure general properties in the top section of the form:

    • Name: Assign a friendly name to this connector.

    • Business unit: Select a business unit for this connector. Only users assigned to this business unit can manage the connector.

    • Managing sensor: Select the DigiCert sensor that will manage this connector.

  5. In the Link account section, enter the access details for your On-prem CA server:

    • On-prem URL: The complete URL used to access and issue certificates from the On-prem CA.

    • API key: The API key of your On-prem CA account.

      Note

      The API key must be associated with a user assigned the Issuer role.

  6. Fill out the Import attributes section if you want to import existing certificates from the DigiCert On-prem CA connector.

    • Import certificates from this connector: Select whether to import certificates or not. If importing, select options for which certificates to import.

  7. Fill out the Import certificates section if you want to import all valid certificates, certificates that are about to expire within the selected number of days, or revoked certificates that have not expired.

  8. Business unit (optional): Assign a business unit to imported certificates. Only users assigned to this business unit can manage the imported certificates.

  9. Tags (optional): Assign tags to the imported certificates to help filter and manage them in Trust Lifecycle Manager.

  10. Import frequency: If importing certificates, select scheduling options for ongoing import operations. Enter a value and select units (minutes, hours, or weeks) for how often to check for new certificates to import from the linked On-prem CA account.

  11. Select Add to create the On-prem CA connector with the configured settings.

Issue certificates

Available base templates

Use one of the following base templates to create certificate profiles in Trust Lifecycle Manager for issuing certificates from a connected On-prem CA server.

| Template name | Seat type | Enrollment methods |
|---|---|---|
| CA Manager Private Server Certificate | Certificate management | DigiCert sensor |
| CA Manager Private mTLS Certificate | Certificate management | mTLS over ACME |

Create profiles

Create each On-prem CA certificate profile from one of the above templates. Complete the profile creation wizard based on your unique business needs and how you plan to deploy the On-prem CA certificates. Key profile settings for On-prem CA include:

  • CA service: Select DigiCert On-prem CA, then select the On-prem CA connector to use from the dropdown.

  • Issuing CA: Select the name of the DigiCert On-premises Private CA to issue certificates from.

  • Enrollment method: Select either DigiCert sensor or mTLS over ACME, depending on which base template you started with.

What's next

  • Monitor and manage certificates from your Inventory page in Trust Lifecycle Manager.

  • Go to the Integrations > Connectors page to view, check status, or manage a connector.

  • Select one of the View actions for a connector to load a pre-filtered inventory list of digital trust assets associated with it.