Skip to main content

DigiCert CertCentral

Link DigiCert​​®​​ Trust Lifecycle Manager to your CertCentral account to import, enroll, and manage certificates from public and private certificate authorities (CAs) in CertCentral.

When importing certificates from CertCentral, you can map your CertCentral divisions to specific business units in Trust Lifecycle Manager and apply tags to help identify and manage the certificates.

Before you begin

  • You need either CertCentral login credentials or a CertCentral API key for a CertCentral user with a role of Manager or Administrator.

  • If using a CertCentral API key to establish the link, the API key must be configured with API key restrictions set to None.

Add connector

  1. From the Trust Lifecycle Manager main menu, select Integrations > Connectors.

  2. Select the Add connector button.

  3. In the Certificate authorities section, select the tile for CertCentral.

    Complete the resulting form as described in the following steps.

  4. Link account: Select the Region of your CertCentral account and one of the following options for linking to it:

    • Link using CertCentral API key: Enter an active API key from your CertCentral account associated with a user with a role of Manager or Administrator and no restrictions.

    • Link using CertCentral sign-in credentials: Enter an active Username and Password for your CertCentral account, for a user with a role of Manager or Administrator.


    You must enter valid CertCentral credentials before you can configure certificate import options for the connector.

  5. Import attributes: Select options for importing certificates from your CertCentral account into your DigiCert​​®​​ Trust Lifecycle Manager account to be monitored and managed there.

    • Import certificates from this connector: Select whether to import certificates or not. If importing, select options for which certificates to import.

    • Map CertCentral divisions to business unit (optional): Select options for how to assign imported certificates from different CertCentral divisions to your business units in Trust Lifecycle Manager. Only users assigned to the selected business units can manage the imported certificates. If you do not map the certificates to business units, all Trust Lifecycle Manager account users can manage them.

      • Select divisions to map: Choose this option to map your CertCentral divisions one at a time. After mapping each division, select the Add mapping link to map another one.

      • Map all available divisions: Choose this option to list all the CertCentral divisions in your account that have not been mapped yet. For each available division, select the business unit to assign the certificates to in Trust Lifecycle Manager.


      You cannot remap CertCentral divisions that have already been mapped to specific business units in Trust Lifecycle Manager through an existing connector. To change mappings for imported certificates, you must delete the existing connector and add a new connector with the new mappings.

    • Tags (optional): Assign tags to imported certificates as another way to help categorize and manage them.

    • Import frequency: If importing certificates, select scheduling options for ongoing import operations. Enter a value and select units (minutes, hours, or weeks) for how often to check for new certificates to import from the linked CertCentral account.

  6. Select Add to add the CertCentral connector.

Edit connector

To update a CertCentral connector, select it from the Trust Lifecycle Manager Integrations > Connectors page and then select the pencil (edit) icon from the connector details page. From the Edit screen, you can:

  • Change the connector name.

  • Update the CertCentral account credentials if they are not valid. Once the credentials are verified and the account is linked, you can no longer edit the credentials and must instead create a new connector if you want to link to a different CertCentral account.

  • Update the certificate import settings and add new mappings for CertCentral divisions that have not already been mapped to a business unit in Trust Lifecycle Manager. If you add new mappings, an additional option appears to Import all data from those CertCentral divisions. By default, only certificates issued since the last import operation will be imported after you update the connector.


    The Import all data flag runs as a one-time option after you select the Update button. If you need to run another full-data import, you can select this option from the actions (three-dots) menu on the connector details page.

Manage imports from CertCentral

The CertCentral account used in the connector determines which certificates are available to import. Trust Lifecycle Manager checks for accessible certificates in CertCentral at the Import frequency configured in the connector and imports any newly issued certificates since the last import operation.

To import all certificates from the connector following changes to the role or scope of the associated CertCentral user account or API key, select the option to Import all data from the actions menu on the connector details page. This option is only available if certificate imports are enabled for the connector.

Issue certificates


To create certificate profiles and start enrolling certificates from CertCentral, you need:

Certificate templates

Use one of the following base templates to create certificate profiles in Trust Lifecycle Manager for issuing server certificates from CertCentral via a connector. The choice of template depends on whether you will request private or public trust certificates.

Template name

Trust type

Required seat type

CertCentral Private Server Certificate


Certificate management

CertCentral Public Server Certificate


Certificate management

Both templates support the same certificate enrollment methods:

Create profiles

Create each CertCentral certificate profile from one of the above templates. Complete the profile creation wizard based on your unique business needs and how you plan to enroll and manage the certificates. Key profile settings for CertCentral include:

  • Connector: The applicable CertCentral connector.

  • Business unit: The business unit the new certificates will get assigned to in Trust Lifecycle Manager.

  • CertCentral division: The division the certificates will get issued from in CertCentral.

  • Certificate type: The CertCentral certificate product to request. You need to create a separate profile for each CertCentral certificate product you want to enroll from Trust Lifecycle Manager.

  • Organization: The organization for OV/EV certificates.

To learn more about profile creation in Trust Lifecycle Manager, see Create certificate profiles.

What's next

  • Go to the Integrations > Connectors page in Trust Lifecycle Manager to view, check status, or manage a CertCentral connector.

  • Use the certificate profiles you created in Trust Lifecycle Manager to get certificates from the issuing authorities in CertCentral via the enrollment methods you selected.

  • View and manage the issued CertCentral certificates from your Inventory page.

  • For a pre-filtered inventory list of certificates associated with a particular connector, go to Integrations > Connectors and select the View managed certificates action for the connector.