
Create automation profiles for private CA Manager certificates

Before you begin

You need available Server seats allocated to the business unit where certificates will be issued.

Create the certificate profile

  1. From the main menu, select Policies > Certificate profiles.

  2. Select the Create profile from template button at the top.

  3. Select the CA Manager Private Server Certificate template as the basis for creating the profile.

  4. Fill in the Primary options for your new profile:

    • Profile name: Enter a friendly name for this profile.

    • Business unit: Select the business unit for certificates issued from this profile.

    • Issuing CA: Select which of your certificate authorities in DigiCert ONE DigiCert® CA Manager will issue the certificates.

    • Enrollment method:

      • Select DigiCert agent to install certificates to web servers using DigiCert agents.

      • Select DigiCert sensor to install certificates to network appliances or cloud services using DigiCert sensors.

      • Select 3rd-party ACME client to request and install certificates using a third-party ACME client instead of DigiCert's managed automation tools.

  5. Select the Certificate options for certificates issued from this profile:

    • Certificate expires in: Enter the validity period length and select units.

    • Algorithm: Select the cryptographic algorithm.

    • Key type: Select the certificate key type.

    • Key size: Select the certificate key size.

    • Renewal options: Select whether auto-renewal should be enabled for certificates. If enabled, select whether to renew certificates 30 days before expiration or set up a custom schedule.

    • Subject DN and SAN fields: Select options for the Distinguished Name (DN) and Subject Alternative Name (SAN) in certificate requests.

      • The Common name and DNS name fields are mandatory and prefilled for you. These are the only supported fields for automation of Private CA Manager certificates.

        Warning

        To avoid automation failures, do not add any additional fields to the certificate profile.

      • Check Multiple for the DNS name field if certificates will secure multiple domain names.

      • Entered by User means the field’s value will be supplied by the user when initiating a lifecycle automation event.

      • From CSR means the field’s value will come from a CSR file.

  6. Select any Extensions for certificates issued from this profile:

    • Key usage: Allowed security services for the certificate keys.

    • Extended key usage: How certificate public keys can be used.

  7. Select any Additional options for:

    • Email configuration and notifications: Email communications settings for certificate lifecycle event notifications.

    • LDAP search: Whether certificates should be searchable via LDAP.

    • Organization and contact details: Select an organization and enter any contact details specific to certificates issued from this profile.

    • Tags: Enter custom tags to apply to all certificates issued from this profile. Tags help identify the certificates for tracking and management purposes.

  8. When you are ready, select Create to save the new certificate automation profile.
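
For fields set to From CSR in step 5, the following pre-flight check is an added example, not DigiCert code. It assumes OpenSSL 1.1.1 or later and that the CSR should carry only the two supported fields: a Common Name in the subject and DNS entries in the SAN. The function names, hostnames, and the `make_csr` helper are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: check a CSR before submitting it against a profile whose
# Common name / DNS name fields are set to "From CSR".
# Assumption: the CSR should contain only commonName in the subject and only
# DNS entries in subjectAltName, matching the two fields the profile supports.
# Usage: check_csr request.csr   (returns 0 if compliant, 1 otherwise)

check_csr() {
  csr=$1
  rc=0
  # The file must parse as a PKCS#10 request at all.
  openssl req -in "$csr" -noout 2>/dev/null ||
    { echo "not a readable CSR: $csr" >&2; return 1; }

  # Subject attribute names, one per line (long names, e.g. commonName).
  fields=$(openssl req -in "$csr" -noout -subject -nameopt multiline |
           awk -F= 'NR>1 && NF>1 {gsub(/ /,"",$1); print $1}')
  [ "$fields" = "commonName" ] ||
    { echo "subject must hold exactly one commonName, found: $fields" >&2; rc=1; }

  # SAN values are printed on the line after the extension name.
  sans=$(openssl req -in "$csr" -noout -text |
         awk '/Subject Alternative Name/ {getline; gsub(/^ +/,""); print; exit}')
  [ -n "$sans" ] || { echo "no subjectAltName in CSR" >&2; rc=1; }

  # Anything that is not a DNS entry (IP Address, email, URI) is rejected.
  bad=$(printf '%s\n' "$sans" | tr ',' '\n' | sed 's/^ *//' |
        grep -v -e '^DNS:' -e '^$' || true)
  [ -z "$bad" ] || { echo "non-DNS SAN entries: $bad" >&2; rc=1; }

  return $rc
}

# Hypothetical helper that builds a constructed test CSR:
#   make_csr OUT.csr SUBJECT SAN-LIST
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
    -subj "$2" -addext "subjectAltName=$3" 2>/dev/null
}
```
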