
Coming soon: OpenSSL provider

The OpenSSL provider is a drop-in OpenSSL 3.x provider that lets any OpenSSL-enabled application sign artifacts using signing keys stored in DigiCert® Software Trust Manager. It plugs into OpenSSL's provider architecture as a shared library, so existing OpenSSL commands and toolchains work unchanged; you only add -provider digicert_stm to your command line.

Before you begin

Before you begin, make sure you have:

  • OpenSSL 3.1 or later (ML-DSA requires OpenSSL 3.5.0 or later)

  • Operating system:

    • Windows (x64, x86, ARM64)

    • Linux (x64, x86, ARM64)

    • macOS (x64, ARM64/Apple Silicon)

  • A DigiCert ONE account with Software Trust Manager access:

Tip

If your environment uses a corporate TLS inspection proxy, set SM_CA_FILE to a PEM bundle that includes your proxy's CA certificate, or set SM_TLS_SKIP_VERIFY=true (not recommended for production).

Step 1: Download OpenSSL provider

  1. In the Software Trust menu, go to Resources > Client tool repository.

  2. Select the Client tools tab.

  3. Select the download icon next to OpenSSL provider.

Step 2: Place and verify the OpenSSL provider

Place the OpenSSL provider in a location where OpenSSL can discover it, then verify that it loads correctly. This ensures the provider is available for use before configuring your environment and running signing commands.

The OpenSSL provider name differs based on your platform:

Step 2.1: Place the OpenSSL provider

OpenSSL discovers providers from the directory pointed to by the OPENSSL_MODULES environment variable, or from the compiled-in MODULESDIR path.

Step 2.2: Verify the provider loads

Run the verify command:

openssl list -providers -provider digicert_stm

Expected output (version may vary):

Providers:
  digicert_stm
    name: DigiCert STM OpenSSL Provider
    version: 1.x.x
    status: active
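
The prerequisite version check, the TLS tip and the Step 2.2 load check can be combined into one preflight script. This is an added example, not DigiCert's code: the function names are this example's own, and treating "true" in any letter case as "verification disabled" is a conservative assumption.

```sh
#!/bin/sh
# Added example: preflight for the provider setup described on this page.
# Function names are this example's own, not part of any DigiCert tool.

# version_at_least HAVE WANT: succeeds if dotted version HAVE >= WANT.
version_at_least() {
  have=$1 want=$2
  for n in 1 2 3; do
    a=${have%%.*}; a=${a%%[!0-9]*}      # leading digits of this component
    b=${want%%.*}; b=${b%%[!0-9]*}
    [ "${a:-0}" -gt "${b:-0}" ] && return 0
    [ "${a:-0}" -lt "${b:-0}" ] && return 1
    case $have in *.*) have=${have#*.} ;; *) have=0 ;; esac
    case $want in *.*) want=${want#*.} ;; *) want=0 ;; esac
  done
  return 0
}

# provider_active NAME: reads `openssl list -providers` output on stdin and
# succeeds only if the entry for NAME reports "status: active".
provider_active() {
  awk -v name="$1" '
    /^  [^ ]/ { current = $1 }          # provider id lines are indented 2 spaces
    current == name && /^ +status: active *$/ { ok = 1 }
    END { exit !ok }'
}

# tls_settings_ok: fails if verification is switched off, or if SM_CA_FILE is
# set but is not a readable PEM bundle. Matching "true" in any letter case is
# this example's conservative assumption.
tls_settings_ok() {
  case "${SM_TLS_SKIP_VERIFY:-}" in
    [Tt][Rr][Uu][Ee]) echo "SM_TLS_SKIP_VERIFY disables TLS verification" >&2; return 1 ;;
  esac
  if [ -n "${SM_CA_FILE:-}" ]; then
    grep -q -e '-----BEGIN CERTIFICATE-----' "$SM_CA_FILE" 2>/dev/null || {
      echo "SM_CA_FILE is not a readable PEM bundle: $SM_CA_FILE" >&2; return 1; }
  fi
}

# preflight [MIN_VERSION]: default 3.1; pass 3.5.0 when signing with ML-DSA.
preflight() {
  ver=$(openssl version | awk '{print $2}')
  version_at_least "$ver" "${1:-3.1}" || { echo "OpenSSL '$ver' is older than ${1:-3.1}" >&2; return 1; }
  tls_settings_ok || return 1
  openssl list -providers -provider digicert_stm 2>/dev/null | provider_active digicert_stm || {
    echo "digicert_stm not active; OPENSSL_MODULES=${OPENSSL_MODULES:-unset}" >&2; return 1; }
}
```

Source the file and call preflight (or preflight 3.5.0 for ML-DSA) once OPENSSL_MODULES is set; a non-zero exit status identifies which prerequisite is not met.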

Step 3: Set your environment variables

Set the required environment variables before running any commands.

See also

Sign with OpenSSL using Software Trust OpenSSL provider