Keypair profiles
Keypair profiles simplify keypair generation by preconfiguring values for all keypair options. Keypair profiles are only enforced when enabled on your account. You can assign specific keypair profiles to specific teams during team creation.
Enable keypair profiles
You require the Manage keypairs permission to enable keypair profiles.
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Select Account > Account settings.
Select the edit icon.
Select the checkbox next to Require keypair profile to generate keypair.
Select Update settings.
Create keypair profiles
You require the Manage keypair permission to create a keypair profile.
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Keypairs > Keypair profiles.
Select Create keypair profile.
Complete these fields:
Field | Description |
---|---|
Profile name | Name to uniquely identify this keypair profile. |
Profile type | Select Fixed (user cannot change values during keypair generation) or Customizable (user can change values during keypair generation). |
Profile scope | Select System or Account (only an account scope user can choose account). |
Keypair status | Select Online to generate keypairs that can be used to sign at any time. Select Offline to generate keypairs that can only be used to sign during a release window. |
Algorithm | Select MLDSA, RSA, ECDSA, or EdDSA (when you select EdDSA, the key curve is set to Ed25519). |
Security level / Key size / Key curve | Select MLDSA44, MLDSA65, or MLDSA87 key size for MLDSA algorithms. Select 2048, 3072, or 4096 key size for RSA algorithms. Select P-256 or P-384 key curve for ECDSA algorithms. Ed25519 is the only allowed key curve for EdDSA algorithms. |
Keypair category | Select Production or Test. |
Keypair storage | Select one of the following key storage methods: |
Note: To use DPoD HSM storage, DPoD must be set up in CA Manager and enabled for your account.