Skip to main content

Self-service portal

Go to Account > Settings > Self-service portal to enable the DigiCert​​®​​ Trust Lifecycle Manager self-service portal where end users can go to search, download, or manage their own certificates. You can enable one or both of the following portal types:

  • Open portal: Does not authenticate and only allows users to search/download existing certificates or pick up newly enrolled certificates. To search and download a certificate, users need to know the exact common name, email address, or serial number associated with it.

  • Authenticated portal: Allows end users to search/download, enroll/pick up, and manage their own certificates after authenticating via SAML. You can configure the specific certificate management operations that portal users are allowed to perform including enrollment, renewal, revocation, key recovery, or suspend/reinstate.

After enabling one of these self-service portals, the system generates a unique portal URL and QR code to share with any users who need access.

Before you begin

  • The Trust Lifecycle Manager Self service portal feature must be enabled for your account in DigiCert® Account Manager. Contact your DigiCert account representative to verify or enable this feature.

  • To configure the self-service portal, you need the SSP Manager user role for Trust Lifecycle Manager or a custom user role that includes the SSP Portal config permission. To learn more, see Users and access.

  • Only certificates issued from a profile with the Enable self-service portal option can be accessed from the self-service portal. To learn more, see Create certificate profiles and Manage certificate profiles.

Enable the open portal

  1. From the Trust Lifecycle Manager main menu, select Account > Settings > Self-service portal.

  2. If you have not previously configured the self-service portal, you see a basic overview page about this feature. Select the Start configuring button to proceed with configuring the self-service portal.

    If one of the portals was previously enabled, you see the details page instead. Select the edit (pencil) icon to update the configuration.

  3. Make sure the option to enable the Open portal is checked off.

  4. (Optional) Select the checkbox to allow open portal users to request revocation of their certificates. If enabled, users can initiate certificate revocation from the open portal and DigiCert confirms the request by sending an email challenge to the email address in the certificate.

    Warning

    Enable this feature with caution, understanding the risk of being able to revoke someone else’s certificate if you have access to their email account.

  5. (Optional) Select the general option to allow management of Discovery or Imported certificates. If enabled, both open and authenticated portal users have visibility of certificates discovered by or imported into Trust Lifecycle Manager.

  6. Select the Configure or Update button to save your changes.

  7. On the details page, copy the Portal URL and/or QR code for the open portal. Provide these to end users to be able to search and download certificates from profiles with the self-service option enabled.

Enable the authenticated portal

  1. From the Trust Lifecycle Manager main menu, select Account > Settings > Self-service portal.

  2. If you have not previously configured the self-service portal, you see a basic overview page about this feature. Select the Start configuring button to proceed with configuring the self-service portal.

    If one of the portals was previously enabled, you see the details page instead. Select the edit (pencil) icon to update the configuration.

  3. Make sure the option to enable the Authenticated portal (via SAML) is checked off.

  4. Configure your identity provider options for user authentication:

    1. Upload your identity provider (IdP) metadata: Drag/drop or select an XML file containing the metadata for your IdP.

    2. Verify parsed values: Verify the values for your IdP from the metadata you uploaded and make changes if needed.

    3. Signing options: Select which SAML messages to sign with the service provider's certificate.

  5. Under Certificate management operations, select which operations end users are allowed to perform via the self-service portal after authenticating.

  6. (Optional) Select the general option to allow management of Discovery or Imported certificates. If enabled, both open and authenticated portal users have visibility of certificates discovered by or imported into Trust Lifecycle Manager.

  7. Select the Configure or Update button to save your changes.

  8. On the details page, copy the Portal URL and/or QR code for the authenticated portal. Provide these to end users to be able to search, download, or manage certificates from profiles with the self-service option enabled.

Disable or re-enable portal access

Edit the self-service portal to disable or re-enable access to either the open or authenticated portal:

  1. From the Trust Lifecycle Manager main menu, select Account > Settings > Self-service portal.

  2. Select the edit (pencil) icon on the right.

  3. Uncheck the Open portal or Authenticated portal option to disable it, or check it off to re-enable access.

  4. Select the Update button to apply the changes.

Check the portal configuration

Verify the portal details by selecting Account > Settings > Self-service portal from the Trust Lifecycle Manager main menu:

  • Open portal:

    • If the open portal is enabled, the Portal URL and QR code are listed. Share these with end users to search and download certificates.

    • If no values are shown, the open portal is disabled.

  • Authenticated portal:

    • If the authenticated portal is enabled, the Portal URL and QR code are listed. Share these with end users to search, download, and manage certificates.

    • The remaining details show the SAML configuration for authenticating users and the allowed certificate management operations.

    • If no values are shown, the authenticated portal is disabled.

  • Certificate profiles and enrollment URLs:

    • Lists all certificate profiles in your account with the Enable self-service portal option selected. Only certificates issued from one of these profiles can be accessed through the open or authenticated self-service portal.

    • The Enrollment URL for each profile allows authenticated users to enroll their own certificates from that profile if the authenticated self-service portal is enabled and the "Enrollment" certificate management operation is selected for it. This URL is also shown on the profile details page.

Apply branding to the self-service portal

Use the Account > Settings > Branding function to customize public-facing pages including the self-service portal.

To learn more, see Branding.