
Sectigo connector

With a Sectigo connector in DigiCert® Trust Lifecycle Manager, you can:

  • Discover and import all certificate types from your Sectigo account for centralized monitoring in Trust Lifecycle Manager.

  • Use Trust Lifecycle Manager to issue, manage, and automate public server certificates from Sectigo CAs using various enrollment methods.

Before you begin

Before adding a Sectigo CA connector in Trust Lifecycle Manager, make sure the following prerequisites are satisfied.

You need an active DigiCert sensor to establish and manage the connection to your Sectigo account. To learn more, see Deploy and manage sensors.

  • Make sure the Certificate Manager REST API is enabled for your Sectigo account.

  • You need to know the base URL and customer URI for accessing your Sectigo account.

  • You need the username and password for an API administrator user in your Sectigo account, with access to the certificate types (and organizations) you will import, issue, and manage via the connector in Trust Lifecycle Manager.

    DigiCert recommends using Sectigo credentials for an administrator with the RAO Admin-SSL role and at least the following minimum privileges enabled:

    Minimum privileges, by privilege group:

    • Domain privileges: Manage domains

    • SSL certificate privileges: Request SSL certificates; Renew SSL certificates; Replace SSL certificates; Revoke SSL certificates; Manage SSL certificates [1]

    • Client certificate privileges: Manage client certificates [1]

    • Device certificate privileges: Manage device certificates [1]

    • Organizational privileges: Add organizations & departments

    [1] Manage permissions are required to discover and import different certificate types into Trust Lifecycle Manager.
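
A pre-flight check for the values listed above, as an added example that is not DigiCert or Sectigo code: it rejects unsafe or malformed connector inputs and builds a read-only probe of the Certificate Manager REST API. The `/api/ssl/v1/types` path and the `login`, `password`, and `customerUri` header names are assumptions taken from Sectigo's SCM REST API documentation, not from this page.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Assumption (not from this page): path and header names follow Sectigo's
# published SCM REST API; confirm them for your SCM release.
PROBE_PATH = "/api/ssl/v1/types"


def check_settings(base_url, customer_uri, username, password):
    """Return a list of problems with the connector inputs (empty means OK)."""
    problems = []
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https":
        problems.append("base URL must use https: the password travels in a header")
    if not parts.hostname:
        problems.append("base URL has no host")
    if parts.username or parts.password:
        problems.append("base URL must not embed credentials")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("base URL must be the bare origin, without path or query")
    # Assumption: the customer URI is one token, e.g. cst01234, not a full URL.
    if not customer_uri or any(c in customer_uri for c in "/:?# \t"):
        problems.append("customer URI must be the identifier only")
    if not username or not password:
        problems.append("username and password are both required")
    return problems


def build_probe(base_url, customer_uri, username, password):
    """Build, without sending, a read-only request listing SSL certificate types."""
    problems = check_settings(base_url, customer_uri, username, password)
    if problems:
        raise ValueError("; ".join(problems))
    origin = base_url.strip().rstrip("/")
    headers = {"login": username, "password": password, "customerUri": customer_uri}
    return urllib.request.Request(origin + PROBE_PATH, headers=headers, method="GET")


def probe(request, timeout=10):
    """Send the probe and return the HTTP status code."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
```

Run `probe(build_probe(...))` from the host where the DigiCert sensor is installed, reading the password from a prompt or secret store rather than the command line. A 200 response shows the REST API is reachable and accepted the credentials; resolve any other status in Sectigo before adding the connector.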

Add Sectigo connector

To add a Sectigo connector in Trust Lifecycle Manager:

  1. From the Trust Lifecycle Manager menu, go to Integrations > Connectors.

  2. Select the Add connector button.

  3. In the Certificate authorities section, select the option for Sectigo.

    Complete the form as described in the following steps.

  4. Configure the general connector properties in the top section of the form:

    • Name: Assign a friendly name to this connector.

    • Business unit: Select a business unit for this connector. Only users assigned to this business unit can manage the connector.

    • Managing sensor: Select one or more active DigiCert sensors to manage the integration.

      Tip

      Selecting multiple sensors adds fault-tolerance to the integration. If one sensor fails, Trust Lifecycle Manager will automatically fail over and use one of the other sensors.

  5. Configure the Sectigo access details in the Link account section:

    • Base URL: Enter the base URL you use to access Sectigo Certificate Manager (for example, https://cert-manager.com).

    • Username: Enter the username for an API administrator user in your Sectigo account with access to the applicable certificate types and organizations to manage with this connector. For minimum required permissions, see Sectigo prerequisites.

    • Password: Enter the password for the API administrator user in Sectigo.

    • Customer URI: Enter the unique customer identifier for your Sectigo account (for example, cst01234).

  6. Fill out the Import attributes section if you want to import existing certificates from Sectigo:

    • Import certificates from this connector: Select whether to import certificates or not. If importing, select options for which certificates to import.

      To import certificates into Trust Lifecycle Manager that were originally discovered in your Sectigo account, select the Sectigo-discovered certificates (all CAs) option.

    • Business unit: (Optional) Assign a business unit to imported certificates. Only users assigned to this business unit can manage the imported certificates in Trust Lifecycle Manager.

    • Certificate assignment rules: (Optional) Select assignment rules for automatically assigning metadata to imported certificates.

    • Import frequency: Select scheduling options for ongoing import operations. Enter a value and select units (minutes, hours, or weeks) for how often to import certificates from Sectigo.

  7. Select Add to create the Sectigo connector with the configured settings.

Issue certificates

Sectigo prerequisites

To issue Sectigo certificates from Trust Lifecycle Manager, make sure the following requirements are satisfied for the connected Sectigo account:

  • At least one certificate profile is configured in Sectigo Certificate Manager (SCM).

  • At least one prevalidated organization and domain is available for certificate issuance in Sectigo. All certificate enrollment methods in Trust Lifecycle Manager require the organizations and domains to be prevalidated in Sectigo.

Base template

Use the following base template to create certificate profiles in Trust Lifecycle Manager for issuing public server certificates from the CAs in a connected Sectigo account.

Template name: Sectigo Public CA Server Certificate

Trust type: Public

Enrollment methods:

  • Admin web request

  • Browser PKCS12

  • CSR

  • DigiCert agent

  • DigiCert sensor

  • REST API

  • 3rd-party ACME client

Create profiles

Complete the profile creation wizard based on your unique business needs and how you plan to enroll and deploy the Sectigo certificates. Key profile settings for Sectigo include:

  • Connector: The Sectigo CA connector to use in Trust Lifecycle Manager.

  • Sectigo organization: The organization in Sectigo to use for issuing certificates.

  • Sectigo certificate profile: The certificate profile in Sectigo to issue certificates from. Most certificate options are defined by the Sectigo profile you select here.

    Note

    Organizational details present in your Sectigo account will be automatically added to certificates.

  • Enrollment method: Select one of the enrollment methods in the preceding table for how to enroll certificates from this profile in Trust Lifecycle Manager. To learn more, see Enrollment and authentication methods.

After creating a profile in Trust Lifecycle Manager, you can begin issuing certificates from it using the enrollment method you selected.

What's next

  • Monitor and manage certificates from your Inventory page in Trust Lifecycle Manager.

  • Go to the Integrations > Connectors page to view, check status, or manage a connector.

  • Select one of the View actions for a connector to load a pre-filtered inventory list of digital trust assets associated with it.