Enrollment URLs

Users can request certificates through a web-based enrollment URL for certificate profiles configured with the following enrollment methods in DigiCert® Trust Lifecycle Manager:

Enrollment method	Description
Browser PKCS12	Enroll PKCS#12 certificates using a web-based form.
CSR	Enroll standard X.509 certificates by uploading a CSR using a web-based form.
DigiCert Trust Assistant	Enroll certificates for end user systems using the DigiCert Trust Assistant application or a web-based form.

注意

Trust Lifecycle Manager also supports web-based enrollments through the following channels. Select the links for more details.

Authenticated self-service portal: Central website where users can enroll and manage their own certificates after authenticating through SAML. To enroll certificates, the self-service portal must be enabled in your account settings and in the certificate profile.
Admin web request: Allows admins to requests certificates through the Trust Lifecycle Manager web console with automated delivery to servers, cloud services, and vaults. Requires that the Automation feature is enabled for your account.

Get the enrollment URL for a profile

Only certificate profiles configured with enrollment methods Browser PKCS12, CSR, DigiCert Trust Assistant provide web-based URLs for enrolling certificates. The way you get the enrollment URL for each profile depends on the selected authentication method for verifying certificate requests from users:

Authentication method	Description
Enrollment Code	To get the enrollment URL, enroll a seat against the profile in Trust Lifecycle Manager and configure the enrollment code for it. When you do so, Trust Lifecycle Manager emails the enrollment URL to the user. To complete the request, the user must open this link and input the correct enrollment code. For details, see Prepare enrollment codes for authentication.
Manual Approval	Get the enrollment URL from the summary at the top of the profile details page. Copy the value of the Enrollment URL field and provide it to users who need to request certificates from the profile. The certificate gets issued once an admin approves the request in Trust Lifecycle Manager. For details, see Manage enrollment requests.
SAML IdP	Get the enrollment URL from the summary at the top of the profile details page. Copy the value of the SAML SP Enrollment URL field and provide it to users who need to request certificates from the profile. To complete each request, the user must authenticate via the SAML identity provider (IdP) configured in the profile.

Request certificates from the enrollment URL

Users can request certificates from the enrollment URL as follows:

Open the enrollment URL in a web browser.
Fill out the fields in the the web form. Required fields depend on the enrollment and authentication methods, plus the certificate properties configured in the profile.
- For enrollment method CSR, the user must enter a valid certificate signing request (CSR) in PEM-encoded format.
- For authentication method Enrollment Code, the user must enter a valid enrollment code.
- Some enrollments require a Requester email field. This email address is used to send notifications about the request and the issued certificate.
- Some enrollments have an optional Comments field to provide comments to Trust Lifecycle Manager admins. These comments are visible in the Enrollment details in Inventory.
Select Submit to submit the enrollment request.

Each enrollment request gets verified based on the authentication method configured in the profile. See the preceding table for details.

Once verified, the certificate gets issued in Trust Lifecycle Manager and delivered to the requester.

Add branding to the enrollment pages

To apply custom branding to the public-facing enrollment URLs, go to your account settings in Trust Lifecycle Manager:

From the Trust Lifecycle Manager menu, go to Account > Settings > Branding.
Make selections on each screen of the branding wizard, as described below.
Select Next to progress to the next screen, Preview to see how the current selections will look once applied, or Back if you want to change any of your previous selections.
- Brand elements:
  - Upload a logo or enter your organization name to show in the header on public-facing pages and email notifications.
  - Maximum image dimensions for logos are 240x50 pixels.
- Theme selection:
  - Select colors for the header, footer, buttons, and page background on public-facing pages and the self-service portal.
  - To change the color for a page element, select the current value and then use the inputs to enter a custom hex color.
- Fonts configuration:
  - Select a font family and enter a base font size in pixels for public-facing pages and the self-service portal.
  - Enter hex colors for the fonts in different text areas including the page body, field descriptions, links, and footer.
Once you're ready, select Save to save your current branding selections.

What's next

Once a web-based enrollment request is authenticated, the user (requester) receives an email notification and the certificate gets delivered:

For enrollment methods Browser PKCS12 and CSR, the certificate is attached to the email sent to the user.
For enrollment method DigiCert Trust Assistant, the certificate gets provisioned via the DigiCert Trust Assistant application on the user's computer.

Admins can view and manage the issued certificates from the Inventory > Certificates page in Trust Lifecycle Manager.

本节内容如下:

Enrollment URLs

注意

Get the enrollment URL for a profile

Request certificates from the enrollment URL

Add branding to the enrollment pages

What's next

搜索结果