
Create an ACME-based profile for private CertCentral certificates

Before you begin

You need a connector that links DigiCert® Trust Lifecycle Manager to your CertCentral account.

Create the certificate profile

  1. From the DigiCert® Trust Lifecycle Manager main menu, select Policies > Certificate profiles.

  2. Select the Create profile from template button at the top.

  3. Select the CertCentral Private Server Certificate template as the basis for creating the profile.

  4. Fill in the Primary options for your new certificate profile:

    • Profile name: Enter a friendly name for this profile.

    • Business unit: Select the business unit (BU) for certificates issued from this profile. The business unit needs Certificate management seats allocated to it before certificates can be issued (see Prerequisites).

    • Certificate type: Select the type of private certificates (CertCentral product type) to issue.

    • Issuing CA: Select which certificate authority will issue the certificates (either a private DigiCert CA or one of your own private CAs in CertCentral).

    • Enrollment method: Select 3rd-party ACME client.

  5. Select the Certificate options for certificates issued from this profile:

    • Certificate expires in: Enter the validity period length and select units.

  6. Select any Additional options for:

    • Email configuration and notifications: Email communications settings for certificate lifecycle event notifications.

    • Organization and contact details: Select an organization and enter any contact details specific to certificates issued with this profile.

      • Tip: Select the Hide non-validated organizations option to list only prevalidated organizations.

    • Tags: Enter custom tags to apply to all certificates issued from this profile. Tags help identify the certificates for tracking and management purposes.

  7. Select Create to save the new certificate profile and generate the ACME credentials for it. The ACME URL and EAB credentials popup window launches, showing the following fields:

    • ACME Directory URL: Base URL to use when requesting certificate automations. For hosted DigiCert ONE accounts, this should be https://one.digicert.com/mpki/api/v1/acme/v2/directory

    • KID: Key identifier for your new certificate profile.

    • HMAC key: Used to encrypt and authenticate your account key during automation events.

  8. Copy your unique external account binding (EAB) credentials and store them somewhere safe. You can use the "copy" icon next to each field to copy it into your clipboard or select the Copy all button to copy them all at once.

  9. After copying the new ACME credentials, Close the popup window.

Note

When you create an ACME-based certificate profile, the ACME credentials for it are displayed only once. There is no way to retrieve this information once you have navigated away from it. If you ever lose your ACME credentials, you will need to regenerate the ACME credentials for that profile.