
Integration with DigiCert SSL

Key Manager Plus integrates with the DigiCert signing authority, allowing enterprises to automate the end-to-end management of web server certificates signed and issued by DigiCert from a centralized platform. This document describes how to manage the life cycle of SSL/TLS certificates issued by DigiCert directly from the Key Manager Plus web interface: importing existing orders, requesting and provisioning certificates, deployment, renewal, and subsequent operations.

Before you proceed with the integration, complete the following step as a prerequisite:

Prerequisite

Add the following base URL and port as an exception in your firewall or proxy to ensure Key Manager Plus is able to connect to DigiCert's CA Services.
URL: https://www.digicert.com/services/v2/
Port: 443
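
The check below is an added example, not part of the Key Manager Plus or DigiCert documentation: run on the Key Manager Plus host, it probes the base URL above with curl and maps curl's exit code to the likely firewall or proxy cause. The function names and the `--probe` argument are assumptions of this example; curl takes an outbound proxy from the `https_proxy` environment variable.

```shell
#!/bin/sh
# Added example: verify the firewall/proxy exception for DigiCert's CA services.
# Function names and the --probe argument are hypothetical, not product options.

DIGICERT_BASE_URL="https://www.digicert.com/services/v2/"   # base URL from the prerequisite, port 443

# Translate a curl exit code into the most likely network cause.
# $1 = curl exit code
classify_probe() {
    case "$1" in
        0)   echo "reachable" ;;              # TLS verified and an HTTP response was received
        5|6) echo "dns-failure" ;;            # proxy or host name could not be resolved
        7)   echo "connection-blocked" ;;     # TCP connect to port 443 refused or rejected
        28)  echo "timeout" ;;                # packets silently dropped, typical of a firewall rule
        35)  echo "tls-handshake-failed" ;;   # handshake interrupted or altered in transit
        60)  echo "untrusted-certificate" ;;  # chain not trusted, e.g. a TLS-inspecting proxy
        *)   echo "other-error" ;;
    esac
}

# Probe the base URL and print the diagnosis with the raw curl result.
# Any HTTP status counts as reachable: the request left the network and a
# server presenting a trusted certificate for the host answered it.
probe_digicert() {
    status=$(curl --silent --output /dev/null --max-time 15 \
                  --write-out '%{http_code}' "$DIGICERT_BASE_URL")
    rc=$?
    echo "$(classify_probe "$rc") (curl exit $rc, HTTP $status)"
}

# Only touch the network when asked to, so the file can be sourced safely.
if [ "${1:-}" = "--probe" ]; then
    probe_digicert
fi
```

An `untrusted-certificate` result means the exception exists but traffic to DigiCert is still being intercepted and re-signed, so the host should be excluded from TLS inspection as well.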

Follow the step-by-step procedure below to integrate DigiCert with Key Manager Plus:

1. Configure CertCentral API Key Details in Key Manager Plus

The first step to request and manage DigiCert certificates from Key Manager Plus is to link both your Key Manager Plus and CertCentral accounts by configuring your CertCentral API key details in Key Manager Plus.

Case 1: You do not have a DigiCert account

If you do not have a DigiCert account already, follow the steps below to sign up for a new account and generate your CertCentral API key. 

  1. Go to https://www.digicert.com/account/signup/ and sign up for a new account by filling in the details requested. 
  2. Once you have successfully created your account, navigate to https://www.digicert.com/secure/, and use your DigiCert credentials to log into the CertCentral portal.
  3. Once inside CertCentral, the next step is to generate an API key and supply the credentials in Key Manager Plus. To generate your CertCentral API key,
    1. Click Automation on the left pane of the CertCentral portal and click Add API Key.
    2. In the window that opens, enter a name / description for the API key and assign a user. The user assigned should have admin privileges in DigiCert.
    3. Click Add.
    4. A new API key is generated and displayed in a different window. Copy the key and store it in a secure location, for it will not be displayed again.
    5. Click here for a more detailed explanation on CertCentral account creation and API key generation process.
  4. Once you have generated the API key, switch to the Key Manager Plus interface and navigate to SSL → DigiCert.
  5. You will be prompted to enter the API key. Provide the API key and click Save. This is a one-time operation.
  6. The key is saved. Your CertCentral account is now successfully linked with your Key Manager Plus account.

Case 2: You have a DigiCert account

If you have an account with DigiCert CertCentral already, all you have to do is generate your API key from the CertCentral portal and provide it in Key Manager Plus.

  1. Log in to your CertCentral account, and generate the API key using the steps mentioned above.
  2. Once you have generated the API key, switch to the Key Manager Plus interface and navigate to SSL → DigiCert.
  3. You will be prompted to enter the API key. Provide the key details and click Save. This is a one-time operation.
  4. The key is saved. Your CertCentral account is now successfully linked with your Key Manager Plus account.  

2. Pre-validate Organizations and Domains in CertCentral

(To be performed in CertCentral portal)

Before placing orders for DigiCert certificates from Key Manager Plus, you must have your domains / organizations pre-validated from the CertCentral portal. Once the pre-validation process is complete, future certificate issuance and renewals for those domains / organizations become straightforward. Refer to the CertCentral user guide for a more detailed explanation of the pre-validation process.

3. Import Existing Orders

The next step is to import all certificate orders from your CertCentral portal into Key Manager Plus. To import existing orders,

  1. Navigate to SSL >> DigiCert tab in Key Manager Plus.
  2. Click Import Existing Orders from the More top menu.
  3. When importing the existing orders, you can choose to exclude expired or revoked certificates from being added to the Key Manager Plus certificate repository. (This option helps you save license count by keeping unnecessary certificates out of Key Manager Plus. However, irrespective of the option chosen, all the order details are imported into Key Manager Plus.)
  4. Select the required option and click Import.
  5. All the existing certificate orders associated with your CertCentral account are imported into Key Manager Plus.

4. Create new Certificate Orders

Once you have successfully linked both your CertCentral and Key Manager Plus accounts by providing the API key details, you can place orders for DigiCert SSL/TLS certificates directly from Key Manager Plus.

To place a new certificate order,

  1. Navigate to SSL → DigiCert tab in Key Manager Plus, and click Order Certificate.
  2. In the window that opens, choose the product name, validity, signature algorithm, algorithm length, keystore type, server platform, payment method, and organization.
  3. Provide the common name. You can additionally specify the validity in number of days, or provide a custom expiration date. 
  4. After filling in the details, click Create.

Notes:

  1. Product name, payment, and organization fields are fetched and displayed according to the permissions provided in CertCentral portal.
  2. For certificate validity, the input given for 'Custom Expiry Date' overrides 'Validity Days', which in turn overrides the input given for 'Validity'.
  3. The payment for orders placed from Key Manager Plus is handled by the CertCentral portal. Should you face any issues / discrepancies with payment, please contact the CertCentral customer support team. 

5. Certificate Issue

  1. Once a certificate order is successfully created, you can view it under SSL >> DigiCert tab, with its status displayed on the right.
  2. You can track the certificate availability for an order by selecting the order and clicking on Check Order Status from the top menu. 
  3. If the certificate is issued, it is fetched and added to Key Manager Plus certificate repository.
  4. Also, the order status is checked automatically every day on a scheduled basis. If the certificate is available, it is fetched and added to Key Manager Plus certificate repository.
  5. Additionally, you can track the validation status for domains / organizations from Key Manager Plus. Choose an order and click Check Validation Status from the top menu.
  6. To filter your order view according to the order status, click the Show drop-down from the top menu and select from the options Expired, Revoked, or Rejected to customize your repository display. For other statuses such as Issued or Pending, select the Other option.

Note: Issued certificates are automatically added to the Key Manager Plus repository only if you have the required license count. If not, you need to renew your Key Manager Plus license before attempting to import the certificate.

6. Renew, Reissue, Revoke, and Delete Certificates

You can renew, reissue, revoke, delete or request reissue for certificates or cancel certificate orders from Key Manager Plus.

To renew a certificate,

  1. Navigate to SSL >> DigiCert tab.
  2. Select the required certificate and click Renew Certificate from the top menu.
  3. Ensure that you have the domain(s) / organization pre-validated from CertCentral portal before requesting a renewal.
  4. On successful validation, the certificate is issued and is automatically added to Key Manager Plus certificate repository.

To request a certificate reissue,

  1. Navigate to SSL >> DigiCert tab.
  2. Select the required certificate and click Reissue Certificate from the top menu.
  3. Here again, ensure that you have the domain(s) / organization pre-validated from CertCentral portal before requesting a certificate reissue.
  4. On successful validation, the certificate is reissued and is automatically added to Key Manager Plus certificate repository.

To revoke a certificate,

  1. Navigate to SSL >> DigiCert tab.
  2. Select the required certificate and click Revoke Certificate from the More top menu.
  3. The certificate is revoked. Switch to SSL >> Certificates tab and delete the certificate to remove it from Key Manager Plus' repository.

To delete a certificate request,

  1. Navigate to SSL >> DigiCert tab.
  2. Select the required order and click Delete from the More top menu.
  3. The certificate request is deleted from Key Manager Plus.

To cancel a certificate order,

  1. Navigate to SSL >> DigiCert tab.
  2. Select the required order and click Cancel Order from the More top menu.
  3. The certificate order is canceled.