Where do I manage my organization information?

Your pre-validated organizations and domains & your admins and subscribers

CertCentral includes account management features that help you maintain fast certificate issuance and allow you to authorize others to manage certificates and your account.

If you’re using Managed PKI for SSL (MSSL) or Complete Website Security (CWS), or even if you manage just a few certificates for a few different domains, check here for where to find organization and admin management features in CertCentral.

Where are my pre-validated organizations?

Pre-validated organizations from your Symantec/GeoTrust/Thawte account are already migrated to CertCentral when you activate your new account—just go to Certificates > Organizations.

More about managing organizations in CertCentral

Where are my pre-validated domains?

Pre-validated domains from your Symantec/GeoTrust/Thawte account are scheduled to be migrated to CertCentral later in 2019. If you activate your account for early access before that time, you may want to add the domains to get them pre-validated and ensure fast certificate issuance. To manage your domains, go to Certificates > Domains.

More about managing domains in CertCentral

Where do I set up and manage other admins in CertCentral?

For your current admins who manage certificates and requests, certificate policies, other users and permissions, and other account settings, go to Account > Users to invite them and set their access privileges.

More about managing users in CertCentral

Permission recommendations for your new CertCentral admins

CertCentral admin roles and permissions are different than the privileges you’re familiar with in Managed PKI for SSL (MSSL), Complete Website Security (CWS), or other Symantec/GeoTrust/Thawte console.

Get familiar with CertCentral user roles before adding your admins to your account and assigning their roles. Some additional tips:

  • Assign the CertCentral Administrator role to your current security and super admins to make sure they maintain similar access privileges.
  • For custom roles in CWS, understand and talk about the CertCentral roles with your account manager so you can correctly assign your admins in CertCentral.
  • For the VICE2 role in MSSL and CWS, add and assign a CertCentral API key in Account > Account Access.

For additional help and recommendations, talk to your account manager.

Where do my certificate subscribers request and manage their certificates?

For your employees and customers who request and manage their own certificates, you have these options to invite them to your account:

  • Full certificate management access—These CertCentral users are like subscribers in Managed PKI for SSL (MSSL) and Complete Website Security (CWS). They can request, receive, revoke, replace, and renew their own certificates, but don’t have access to other users’ certificates or account-wide settings.
    Recommended for server admins and certificate owners who need to manage their certificate lifecycle without depending on other CertCentral admins.
    When you create this user in CertCentral, assign the Standard User role and check Limit to placing and managing their own orders.
    More about managing users in CertCentral

  • Request and receive—For users who only need to order and install their certificates. Lifecycle management is maintained by CertCentral admins.
    Recommended for client/device certificates or more centralized certificate management where lifecycle management is limited to 1 or a few admins instead of many end-users.
    Send these users a Guest URL so they can order their certificates quickly, without needing to create account credentials.
    More about creating and sending Guest URLs