Skip to main content

Lead guide

The account lead is responsible for managing assets, users, and is able to sign with the key stored DigiCert​​®​​ Software Trust Manager.

Follow the instructions below to set up your account for code signing.

Before adding new users, identify the type of user and the role you need them to play in the account.

There are two types of DigiCert ONE users:

There are 5 types of Software Trust Manager user roles:

Based on the user types and user roles you have reviewed above, follow one of the procedures below to add a user to DigiCert ONE:

Select users, groups, or both to form a team and then map relevant resources to them. You can restrict team resources such as keypairs, releases, and enforce keypair profiles and certificate profiles. If you do not see this option, enable teams.

To create a team:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu icon (top-right) > Software Trust.

  3. Select Account > Teams.

  4. Select Create.

Tip

For more detailed instructions, refer to Teams .

Keypair profiles simplify keypair generation by preconfiguring values for all keypair options. If you do not see Keypair profiles in the left navigation menu, enable keypair profiles.

To create a keypair profile:

  1. Sign in to DigiCert ONE.

  2. Navigate to manager menu icon (top-right) > Software Trust.

  3. Select Keypairs > Keypair profiles.

  4. Select Create keypair profile.

Tip

For more detailed instructions, refer to Keypair profiles.

A keypair is required to create a certificate and sign. You have permission create keypairs, review the two keypair types supported by Software Trust Manager:

If you intend to use publicly trusted certificates, integrate your account with CertCentral. If you do not see an Integrations tab in the left navigation bar, contact your account manager to enable CertCentral integration.

Tip

For more detailed instructions, refer to CertCentral integration.

Set up CertCentral integration

To set up CertCentral integration:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu icon (top-right) > Software Trust.

  3. In the left navigation bar, select Integration > CertCentral.

  4. Link your CertCentral account by choosing one of the three options below:

    1. Enter your CertCentral credentials.

    2. Create a CertCentral account.

    3. Connect using your CertCentral API key.

Opmerking

If you choose to connect using your API key, follow the instructions below to generate an API key in CertCentral.

Generate an API key in CertCentral

  1. Sign in to CertCentral.

  2. In the left-hand side navigation bar, select Automation.

  3. Navigate to: API Keys > Add API Key.

  4. Complete the following fields:

    Field

    Description

    Description

    Provide an identifiable name for your CertCentral API key.

    User

    Select a user you want to link the CertCentral API key to.

    Opmerking

    The user must have the Administrative role assigned to them in CertCentral.

    API key restrictions

    Select Orders, Domains, and Organizations.

  5. Select Add API Key.

Opmerking

The API key is only shown once, it cannot be accessed again. Securely store the API key to use it later.

Certificate profiles simplify certificate generation by preconfiguring values for all certificate options.

To create a certificate profile:

  1. Sign in to DigiCert ONE.

  2. Navigate to: Manager menu icon (top right) > Software Trust.

  3. Select Certificates > Certificate profiles.

  4. Select Create certificate profile.

Tip

For more detailed instructions, refer to Certificate profiles.

A certificate is required to sign. You have permission generate certificates, you can generate public or private code signing certificates in Software Trust Manager.

To create a certificate:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu icon (top right) > Software Trust.

  3. Select Keypairs.

  4. Hover over the keypair you want to use to create the certificate until the menu icon appears.

  5. Select Generate certificate.

Tip

For more detailed instructions, refer to Certificates.

Releases protect keys by restricting their use to pre-approved dates and times. The pre-approved date and time selected for a release is referred to as a release window. Within a release window, organizations can control which keypairs can be used, who can use them, and the maximum number of signatures that can be used during the release.

To create a software release:

  1. Sign in to DigiCert ONE.

  2. Navigate to the manager menu icon (top-right) > Software Trust.

  3. Select Releases.

  4. Select Create release.

Tip

For more detailed instructions, refer to Releases.

Software Trust Manager offers two types of threat detection. You can scan your software for malware, vulnerabilities, secrets, and more before releasing your software for consumption using our Dynamic Application Security Testing (DAST) service powered by ReversingLabs. You can also scan Developer ID-signed software for malicious components before distribution outside of the Mac App Store.

Tip

If you do not see Threat detection in the left navigation menu, contact your account manager to add ReversingLabs integration to your service agreement. For more information about how to run a scan and interpret a scan report, refer to Threat detection.

Next steps

If you as the account lead also want to sign, follow the instructions in the Signer's guide to get ready to sign with your private key stored in Software Trust Manager.

The following articles may be useful to you while managing the account: