Skip to main content

Configure the ICA certificate chain feature for your public TLS certificates

Choose the ICA certificate chains to meet your DV, OV, and EV TLS certificate needs

Prerequisites

  • Public DV, OV, and EV TLS certificates in your account.

  • ICA certificate chain selection feature enabled for your account.

To start using the ICA certificate chain selection feature, contact your account manager or our support team. Your account manager can add needed DV, OV, and EV TLS certificates to your account.

Before you begin

Use the ICA certificate chain selection feature to:

  • Set the default ICA certificate chain for your DV, OV, and EV TLS certificates.

  • Control the ICA certificate chains certificate requestors can use to issue their TLS certificate.

Configure your ICA certificate chain options

Your ICA certificate chain configurations also determine what ICA certificate chains are available when ordering the same type of certificate via the Services API.

  1. In CertCentral, in the left main menu, go to Settings > Product Settings.

  2. Configure the ICA certificate chain settings for your account or a division in your account.

    If you have divisions, use the division (For) dropdown to configure the ICA certificate chain selections for a division.

  3. Configure the ICA certificate chain settings for a role in your account or a division.

    1. To configure role-based ICA certificate chain selections, check Configure products by role.

    2. In the Role column, select a role: Administrator, Limited User, Finance Manager, Manager, or Standard User.

  4. Configure the default ICA certificate chain for the TLS certificate.

    1. In the Product column, select a public DV, OV, or EV TLS certificate.

    2. In the Product Settings column, in the Default intermediate chain dropdown, select the ICA certificate chain you want to issue the TLS certificate by default.

  5. Configure which ICA certificate chains are available on the TLS certificate request form.

    In the Product Settings column, in the Allowed intermediate chains [Intermediate CA] > [Root CA] dropdown, select the intermediate certificate chains a requester can use to issue the TLS certificate.

    Note: On the TLS certificate order form, the "default" chain is preselected. If the requester wants to use a different intermediate chain, they must expand the Additional certificate options section and select a different one.

    To remove the requester's ability to use a different ICA certificate chain, only add the default ICA certificate chain. On the order form, the "default" chain is preselected. However, the requester won't be able to change it.

  6. Go to the bottom of the page and select Save Settings.

What's next

Default ICA certificate chain

The next time you order the public DV, OV, or EV TLS certificate, DigiCert will use the ICA certificate chain you set as the default to issue your TLS certificate.

Multiple ICA certificate chains available

The next time you order the public DV, OV, or EV TLS certificate, you can select the ICA certificate chain DigiCert should use to issue your TLS certificate.

To select a different ICA certificate chain:

  1. On the certificate request form, expand Additional certificate options.

  2. In the Intermediate chains [Intermediate CA] > [Root CA] dropdown, select an ICA certificate chain to issue the TLS certificate.