Skip to main content

Available self-service portal actions

Available self-service actions depend on the portal type. When you configure the portal, you select which actions to allow.

注意

You can allow different self-service management operations for discovered/imported certificates versus those issued through Trust Lifecycle Manager. For certificates issued through Trust Lifecycle Manager, you can allow different management operations per certificate profile.

Open portal

The open portal does not authenticate users and only supports the following self-service actions:

Action

Description

Search

Search for an existing certificate. The user must know the exact common name, email address, or serial number.

Download

Download a certificate after a successful search or a new enrollment.

Revocation

Request revocation of an existing certificate. The request gets sent to the email address in the certificate's SubjectDN:email or SAN:rfc822Name field, with a link to verify and complete the revocation process.

Note: Enable this feature with caution, understanding the risk of being able to revoke someone else’s certificate if you have access to their email account.

Authenticated portal

The authenticated portal verifies users' identities via SAML. Once authenticated, users can access and manage certificates that meet any of the following criteria:

Certificate matching criteria

How to search

Issued from a certificate profile that uses the SAML IdP authentication method and is configured to allow access from the user's SAML NameID.

These certificates get automatically loaded when the user logs into the authenticated portal. They can be searched using the User ID input on the portal page.

The certificate requester field in Trust Lifecycle Manager matches the user's SAML NameID.

Use the Email input on the portal page to search for matching certificates.

The certificate’s SubjectDN:email or SAN:rfc822Name field includes the user's SAML NameID.

Use the Email input on the portal page to search for matching certificates.

After displaying an accessible certificate, authenticated users can manage the certificate with the following self-service actions:

Action

Description

Renewal

Renew certificates that are approaching expiration and within the renewal window.

Revocation

Permanently revoke certificates.

Suspend/Resume

Temporarily suspend certificates or resume suspended ones.

Key recovery

Recover certificates and keys with escrowing enabled:

  • For discovered or imported certificates, key recovery only works if the certificate was uploaded in PKCS12 format.

  • For certificates issued through Trust Lifecycle Manager, key recovery only works for S/MIME certificates issued from a certificate profile with the DigiCert cloud key escrow option enabled.

Manage certificate owners

Update the list of assigned certificate owners who receive email notifications about a certificate.

Reissue certificate

Issue the same certificate with the same validity dates, but a new serial number. Use this action to request a fresh certificate after making changes to one of your certificate profiles, or to get the next certificate in a CertCentral multi-year plan. Users must provide SAN:dnsServer names to complete the reissue action.

This action is only available for public and private CertCentral certificates.

Authenticated users can also use the following self-service actions to request new certificates:

Action

Description

Enrollment

Enroll new certificates from a certificate profile with the self-service portal option enabled and the following criteria:

  • Issuing CA in DigiCert® Private CA or CertCentral.

  • Web-based enrollment method (Browser PKCS12, CSR, or DigiCert Trust Assistant).

  • Authentication method is Manual Approval or SAML IdP.

Pick up

Pick up a new certificate after admin approval.

Cancel

Cancel pickup of an approved certificate request.