Skip to main content

CMP

DigiCert® Private CA supports enrollment, renewal, and revocation of end entity certificates using the Certificate management protocol (CMP).

Importante

Make sure you have an end entity certificate template in DigiCert Private CA that fits your certificate requirements before you start creating a profile.

To create a CMP profile in DigiCert Private CA:

  1. In the main menu, select Profiles.

  2. Select CMP under Protocols.

  3. Enter a Profile name.

  4. [Optional] Add a Description for your profile.

  5. Select the Protocol version you prefer, from the available options.

  6. In Issuer ID, select the private intermediate certificate authority that you use for your certificate requests.

  7. Select a Certificate template ID. You can only use one template in a profile. Create multiple profiles for different templates or certificate settings.

  8. Select the Certificate validity details, like how many days, months, or years the issued certificates are valid for.

  9. Enter a value in days for your preferred Renewal window. Your private CA rejects any renewal requests outside this window.

  10. Select your Authentication method. You also need to set up this method in your certificate requesting client or registration authority.

  11. Select the Signature algorithm supported by the profile.

  12. Select Submit.

Your CMP profile is saved.

Select Profiles in the main menu to see your saved profiles.

CMP URL

To copy the URL, select a profile and go to the Profile details page.

You must configure this URL in your CMP clients to request certificates from your private CA.

A CMP URL in DigiCert® Private CA is structured as follows:

https://<your-ca-domain>/certificate-authority/api/v1/cmp/<ProfileID>

Where:

  • https://<your-ca-domain> is the base domain of your DigiCert Private CA instance.

  • /certificate-authority/api/v1/cmp/ is the standard path used by DigiCert Private CA for CMP protocol communication. It identifies that the request is for a CA-managed CMP endpoint.

  • <profile ID> is the unique identifier of the CMP issuance profile. Each profile you create in DigiCert® Private CA gets its own automatically generated ID. This value determines which CA, certificate template, and issuance policy the request follows.

Nesta secção: