Where do I manage my organization information?

Your prevalidated organizations and domains & your administrators and subscribers

CertCentral includes account management features that help you maintain fast certificate issuance and allow you to authorize others to manage certificates and your account.

If you’re coming from Managed PKI for SSL (MSSL) or Complete Website Security (CWS), or even if you manage just a few certificates for a few different domains, check here for where to find organization and administrative management features in CertCentral.

Where are my prevalidated organizations?

Prevalidated organizations from your Symantec/GeoTrust/Thawte account are already migrated to CertCentral when you activate your new account—just go to Certificates > Organizations.

More about managing organizations in CertCentral

Where are my prevalidated domains?

Prevalidated domains from your Symantec/GeoTrust/Thawte account are already migrated to CertCentral when you activate your new account. To manage your domains, go to Certificates > Domains.

More about managing domains in CertCentral

Where do I set up and manage other administrators in CertCentral?

For your current administrators who manage certificates and requests, certificate policies, other users and permissions, and other account settings, go to Account > Users to invite them and set their access privileges.

More about managing users in CertCentral

Permission recommendations for your new CertCentral administrators

CertCentral administrator roles and permissions are different than the privileges you’re familiar with in Managed PKI for SSL (MSSL), Complete Website Security (CWS), or other Symantec/GeoTrust/Thawte consoles.

Get familiar with CertCentral user roles before adding your administrators to your account and assigning their roles. Some additional tips are:

  • Assign the CertCentral Administrator role to your current security and super administrators to make sure they maintain similar access privileges.
  • For custom roles in CWS, understand and talk about the CertCentral roles with your account manager so you can assign your admins in CertCentral.
  • For the VICE2 role in MSSL and CWS, add and assign a CertCentral API key in Account > Account Access.

For additional help and recommendations, talk to your account manager.

Where do my certificate subscribers request and manage their certificates?

For your employees and customers who request and manage their own certificates, you have these options to invite them to your account:

  • Full certificate management access—These CertCentral users are like subscribers in Managed PKI for SSL (MSSL) and Complete Website Security (CWS). They can request, receive, revoke, replace, and renew their certificates, but don’t have access to other users’ certificates or account-wide settings.
    This is recommended for server administrators and certificate owners who need to manage their certificate lifecycle without depending on other CertCentral administrators.
    When you create this user in CertCentral, assign the Standard User role. Check Limit to placing and managing their own orders.
    More about managing users in CertCentral
  • Request and receive—For users who only need to order and install their certificates. Lifecycle management is maintained by CertCentral administrators.
    This is recommended for client/device certificates or more centralized certificate management where lifecycle management is limited to 1 or a few administrators instead of many end-users.
    Send these users a Guest URL so they can order their certificates without needing to create account credentials.
    More about creating and sending Guest URLs