Skip to main content

DigiCert Software KeyStore

DigiCert provides certificate storage, where the certificate is installed locally, and the keys are protected by a PIN.

Key features include:

  • Support certificate operations

  • Support backup/restore and migration of the entire keystore

  • PIN-protected

  • Encrypted storage which prevents usage on another machine

To use the certificates stored in DigiCert Software KeyStore with browsers and other applications, you need to install the DigiCert Software KeyStore Provider (for Windows) or Token (for Mac) on your operating system. Instructions for installing or upgrading this additional software are provided under Token management.

Note

Starting from DigiCert Trust Assistant version 1.2.0, you will receive notifications for any updates to the DigiCert Software KeyStore Provider (for Windows) or Token (for Mac). For more details, refer to Notifications.

Initialize token

As a first step, you need to initialize the DigiCert Software KeyStore token.

  1. To do this, click DigiCert Software KeyStore in the left pane and click Initialize token from Quick actions.

  2. Enter a new administrator password and a new user PIN and click Initialize.

Once you initialize the token, you can see the following options under Quick actions.

Note

Refer to PIN management and Certificate management sections, for more information on the Quick actions.

Token management

Under Token Management, you will find the following options:

  • Backup Token

  • Restore Token

  • Register Provider/Token (Register Provider for Windows, Register Token for Mac)

Starting with DigiCert Trust Assistant version 1.2.0, the Register Provider/Token option will change based on the registration status of the DigiCert Trust Assistant Provider/Token:

  • If the Provider/Token is already registered, the option will display as Unregister Provider/Token.

  • If the Provider/Token is registered and a newer version is available, the option will display as Upgrade Provider/Token.

Backup token

This option takes a backup of all the keys and certificates and stores it in a DigiCert Software KeyStore-specific backup format that ends with *.bkup file extension. This option is useful when changing your workstation or operating system.

  • Click Backup token and enter the token administrator password, user PIN and a password (minimum length 8 characters) for the backup file.

  • Click Backup to take the backup of keys and certificates.

Restore token

This option restores your keys and certificates from the backup file.

  1. Select Restore token and choose the backup file. Choose the backup file. Enter the administrator password, user PIN for the DigiCert Software Keystore. Also, provide the password for the backup file when it was created.

  2. Restoring token purges the existing keys and certificates in the current keystore. Enable the checkbox Archive existing keys and certificates to archive them as a zip file. The archived zip files are available in the ~/.digicert-trust-assistant/bkup directory.

Register provider/token

This option allows you to install DigiCert Software KeyStore Provider/Token.

Note

The installation requires local administrator privilege for Windows.

  1. To register the provider/token, select Register provider/token which prompts a dialog.

  2. Selecting Submit triggers the execution of the DigiCert Software KeyStore Provider/Token installer. For Windows, you will see a system pop-up requesting you to allow the application to make changes to your workstation if you do not have local administrator privilege.

    Note

    This installer is available at <install directory>/resources/dsksprovider.msi

  3. Proceed with the on-screen steps to install and register DigiCert Software KeyStore Provider/Token.The installer binary is available at the following locations:

    • Windows: <install directory>/resources/dsksprovider.msi

    • Mac: <install directory>/resources/DSKSToken.pkg

Upgrade provider/token

This option allows you to upgrade the provider to the newer version.

Note

The upgrade requires local administrator privilege for Windows.

  1. To upgrade the provider/token, click Upgrade provider/token which prompts a dialog.

  2. Select Submit to trigger the execution of the DigiCert Software KeyStore Provider/Token installer. For Windows, you will see a system pop-up requesting you to allow the application to make changes to your workstation if you do not have local administrator privilege.

  3. For Windows, proceed with the on-screen steps to install and register the DigiCert Software KeyStore Provider. For Mac, the upgrade process is done in the background.

    Warning

    For DigiCert Trust Assistant Provider versions 1.0.3 and earlier (included with DigiCert Trust Assistant version 1.1.6 and prior), you must uninstall the older version before upgrading to a newer version. When you click Submit on the dialog, the provider will first uninstall the existing version and then install the newer version. This procedure does not apply to the Mac version.

Unregister provider/token

This option will uninstall DigiCert Software KeyStore Provider/Token from the operating system.

Warning

If you uninstall DigiCert Software KeyStore Provider/Token, you cannot use the certificates stored in DigiCert Software KeyStore from browsers and other applications.

Note

The unregister requires local administrator privilege for Windows.

  1. To unregister the provider/token, click Unregister provider/token which prompts a dialog.

  2. Select Submit to trigger the execution of the DigiCert Software KeyStore Provider/Token uninstall.

  3. For Windows, the Are you sure? dialog opens. Click OK to proceed. You will see a system pop-up if you do not have local administrator privileges. For Mac, uninstall is done in the background.