Skip to main content

Enrollment URLs

Users can request certificates through a web-based enrollment URL for certificate profiles configured with the following enrollment methods in DigiCert​​®​​ Trust Lifecycle Manager:

Enrollment method

Description

Browser PKCS12

Enroll PKCS#12 certificates using a web-based form.

CSR

Enroll standard X.509 certificates by uploading a CSR using a web-based form.

DigiCert Trust Assistant

Enroll certificates for end user systems using the DigiCert Trust Assistant application or a web-based form.

注意

Trust Lifecycle Manager also supports web-based enrollments through the following channels. Select the links for more details.

  • Authenticated self-service portal: Central website where users can enroll and manage their own certificates after authenticating through SAML. To enroll certificates, the self-service portal must be enabled in your account settings and in the certificate profile.

  • Admin web request: Allows admins to requests certificates through the Trust Lifecycle Manager web console with automated delivery to servers, cloud services, and vaults. Requires that the Automation feature is enabled for your account.

Get the enrollment URL for a profile

Only certificate profiles configured with enrollment methods Browser PKCS12, CSR, DigiCert Trust Assistant provide web-based URLs for enrolling certificates. The way you get the enrollment URL for each profile depends on the selected authentication method for verifying certificate requests from users:

Authentication method

Description

Enrollment Code

To get the enrollment URL, enroll a seat against the profile in Trust Lifecycle Manager and configure the enrollment code for it. When you do so, Trust Lifecycle Manager emails the enrollment URL to the user. To complete the request, the user must open this link and input the correct enrollment code. For details, see Prepare enrollment codes for authentication.

Manual Approval

Get the enrollment URL from the summary at the top of the profile details page. Copy the value of the Enrollment URL field and provide it to users who need to request certificates from the profile. The certificate gets issued once an admin approves the request in Trust Lifecycle Manager. For details, see Manage enrollment requests.

SAML IdP

Get the enrollment URL from the summary at the top of the profile details page. Copy the value of the SAML SP Enrollment URL field and provide it to users who need to request certificates from the profile. To complete each request, the user must authenticate via the SAML identity provider (IdP) configured in the profile.

Request certificates from the enrollment URL

Users can request certificates from the enrollment URL as follows:

  1. Open the enrollment URL in a web browser.

  2. Fill out the fields in the the web form. Required fields depend on the enrollment and authentication methods, plus the certificate properties configured in the profile.

    • For enrollment method CSR, the user must enter a valid certificate signing request (CSR) in PEM-encoded format.

    • For authentication method Enrollment Code, the user must enter a valid enrollment code.

    • Some enrollments require a Requester email field. This email address is used to send notifications about the request and the issued certificate.

    • Some enrollments have an optional Comments field to provide comments to Trust Lifecycle Manager admins. These comments are visible in the Enrollment details in Inventory.

  3. Select Submit to submit the enrollment request.

Each enrollment request gets verified based on the authentication method configured in the profile. See the preceding table for details.

Once verified, the certificate gets issued in Trust Lifecycle Manager and delivered to the requester.

Add branding to the enrollment pages

To apply custom branding to the public-facing enrollment URLs, go to your account settings in Trust Lifecycle Manager:

What's next

Once a web-based enrollment request is authenticated, the user (requester) receives an email notification and the certificate gets delivered:

  • For enrollment methods Browser PKCS12 and CSR, the certificate is attached to the email sent to the user.

  • For enrollment method DigiCert Trust Assistant, the certificate gets provisioned via the DigiCert Trust Assistant application on the user's computer.

Admins can view and manage the issued certificates from the Inventory > Certificates page in Trust Lifecycle Manager.