GlobalSign connector
With a GlobalSign (GCC) connector in DigiCert® Trust Lifecycle Manager, you can:
Discover and import all certificate types from your GlobalSign Certificate Center (GCC) account for centralized monitoring in Trust Lifecycle Manager.
Use Trust Lifecycle Manager to issue, manage, and automate public server certificates from GlobalSign CAs using various enrollment methods.
Before you begin
Before adding a GlobalSign connector in Trust Lifecycle Manager, make sure the following prerequisites are satisfied.
Your account must include a tile for GlobalSign (GCC) in the Certificate authorities category under Integrations > Connectors > Add connector. For help verifying or enabling this feature, contact your DigiCert account representative.
You need an active DigiCert sensor to establish and manage the connection to your GlobalSign Certificate Center account. To learn more, see Deploy and manage sensors.
Make sure the Certificate Manager REST API is enabled for your GlobalSign Certificate Center account.
You need the username and password for an API administrator user in your GlobalSign Certificate Center account, with access to the certificate types (and organizations) you’ll import, issue, and manage via the connector in Trust Lifecycle Manager.
DigiCert recommends using GlobalSign Certificate Center account credentials for an administrator with at least a Manager or Super User role.
Add GlobalSign (GCC) connector
To add the GlobalSign (GCC) connector in Trust Lifecycle Manager:
From the Trust Lifecycle Manager menu, go to Integrations > Connectors.
Select the Add connector button.
In the Certificate authorities section, select GlobalSign (GCC).
Complete the form as described in the following steps.
Configure the general connector properties in the top section of the form:
Name: Assign a friendly name to this connector.
Business unit: Select a business unit for this connector. Only users assigned to this business unit can manage the connector.
Managing sensor: Select one or more active DigiCert sensors to manage the integration.
Tip
Selecting multiple sensors adds fault-tolerance to the integration. If one sensor fails, Trust Lifecycle Manager will automatically fail over and use one of the other sensors.
Configure the GlobalSign access details in the Link account section:
Username: Enter the username for an API administrator user in your GlobalSign Certificate Center account with access to the applicable certificate types and organizations to manage with this connector. For minimum required permissions, see GlobalSign prerequisites.
Password: Enter the password for the API administrator user in GlobalSign.
Fill out the Import attributes section if you want to import existing certificates from GlobalSign:
Import certificates from this connector: Select whether to import certificates or not. If importing, select options for which certificates to import.
To import all certificates into Trust Lifecycle Manager, select the All valid certificates option.
To import certificates that expired within a time frame, select the All expired certificates within 15, 30, 45, 90 days option.
To import certificates that are revoked but not yet expired, select the All revoked certificates that are not expired option.
Business unit: (Optional) Assign a business unit to imported certificates. Only users assigned to this business unit can manage the imported certificates in Trust Lifecycle Manager.
Certificate assignment rules: (Optional) Select assignment rules for automatically assigning metadata to imported certificates.
Import frequency: Select scheduling options for ongoing import operations. Enter a value and select units (minutes, hours, or weeks) for how often to import certificates from GlobalSign.
Select Add to create the GlobalSign connector with the configured settings.
Issue certificates
GlobalSign prerequisites
To issue GlobalSign certificates from Trust Lifecycle Manager, make sure the following requirements are satisfied for the connected GlobalSign Certificate Center account:
At least one certificate profile is configured in GlobalSign Certificate Center.
At least one prevalidated domain is available for certificate issuance in GlobalSign. All certificate enrollment methods in Trust Lifecycle Manager require the domains to be prevalidated in GlobalSign.
Base template
Use the following base template to create certificate profiles in Trust Lifecycle Manager for issuing public server certificates from the CAs in a connected GlobalSign Certificate Center account.
Template name | Trust type | Enrollment methods | Authentication methods |
|---|---|---|---|
| Public |
|
|
|
| ||
| — |
Create profiles
Complete the profile creation wizard based on your unique business needs and how you plan to enroll and deploy the GlobalSign certificates. Key profile settings for GlobalSign include:
Connector: The GlobalSign (GCC) connector to use in Trust Lifecycle Manager.
GlobalSign certificate profile: The certificate profile in GlobalSign to issue certificates from. Most certificate options are defined by the GlobalSign profile you select here.
GlobalSign product type: Select the types of certificates to discover, import, and manage. Options include:
Intranet SSL: For internal systems and private networks.
Cloud SSL: For cloud-hosted environments and applications.
Organizational SSL: For public-facing websites that require organizational validation.
Enrollment method: Select one of the enrollment methods in the preceding table for how to enroll certificates from this profile in Trust Lifecycle Manager. To learn more, see Enrollment and authentication methods.
Opmerking
For third-party ACME flows, the certificate signing request (CSR) generated by the ACME client must include a common name. If it doesn’t include a common name, provide a CSR with a common name during the order request. GlobalSign doesn’t accept CSRs without a common name.
After creating a profile in Trust Lifecycle Manager, you can begin issuing certificates from it using the enrollment method you selected.
What's next
Monitor and manage certificates from your Inventory page in Trust Lifecycle Manager.
Go to the Integrations > Connectors page to view, check status, or manage a connector.
Select one of the View actions for a connector to load a pre-filtered inventory list of digital trust assets associated with it.