Add certificate profiles to enroll new certificates via Microsoft CA connector
To use DigiCert® Trust Lifecycle Manager to enroll new certificates from an integrated Microsoft CA server, you need to create certificate profiles in Trust Lifecycle Manager for the Microsoft issuing CA.
Each profile corresponds to a specific type of certificate as defined by a Microsoft certificate template on the integrated Microsoft CA server. Trust Lifecycle Manager supports enrollment of private server and user certificates from a Microsoft CA via a connector.
Before you begin
The following tasks need to be completed before creating Microsoft-based certificate profiles in Trust Lifecycle Manager:
Microsoft CA server configured to support the integration, including Microsoft certificate templates with the required permissions.
Microsoft CA connector added in Trust Lifecycle Manager and in an active state.
Certificate management seats available in your Trust Lifecycle Manager account.
Add a certificate profile for Microsoft CA issuance
From the Trust Lifecycle Manager main menu, select Policies > Certificate profiles.
Select the Create profile from template button.
Select one of the following base templates as the basis for creating the new certificate profile:
Microsoft CA Private Server Certificate: To enroll private server certificates from the Microsoft CA.
Microsoft CA User Certificate: To enroll private user certificates from the Microsoft CA.
Configure the basic properties for the new profile:
Name: Assign a friendly name to this profile.
Business unit: Select a business unit for certificates issued from this profile.
Connector: Select the connector for the Microsoft CA you want to issue from.
Issuing CA certificate template: Select the certificate template from the Microsoft CA for the type of certificates you want to issue. The basic properties of the issued certificates come from the Microsoft certificate template you select here.
Caution
If no Microsoft certificate templates are listed in this dropdown, there is a permissions problem on the Microsoft CA server. Make sure the security group for the DigiCert integration is added to both the Microsoft certificate templates and the top-level CA with the correct permissions. See Configure Microsoft CA server to prepare for integration for more information.
Select an Enrollment method for how to submit enrollment requests for this certificate profile. If applicable, also select an Authentication method for how to validate enrollment requests.
Select Next to proceed to the next and subsequent profile configuration screens, making selections for any configurable settings.
Caution
Basic certificate properties come from the Microsoft certificate template you selected and cannot be modified here. To adjust the properties of issued certificates, update them in the corresponding certificate template on the Microsoft CA server.
On the final screen(s), configure any applicable administrative options for the new certificates, such as notifications, contacts, and delivery options. Optionally apply Tags to issued certificates to help categorize and manage them in Trust Lifecycle Manager.
Select Create to save the new certificate profile.
What's next
With Microsoft-based certificate profiles in place, you are ready to enroll new certificates from the Microsoft issuing CA using the enrollment methods you selected in your profiles.
Any new Microsoft certificates you enroll can be tracked and managed from the main Inventory page in Trust Lifecycle Manager alongside your other digital trust assets.
Go to Policies > Certificate profiles if you need to update your existing Microsoft-based certificate profiles or add new ones.