DigiCert One

About DigiCert One

DigiCert ONE is a modern PKI platform that provides a scalable foundation for fast and flexible PKI deployments. It provides an interface for managing your certificates and devices, customizing and automating workflows, and integrating DigiCert ONE with your existing PKI management tools.

In AppViewX's implementation of DigiCert One, we integrate with a key DigiCert One component, called the Trust Lifecycle Manager, which is used to perform certificate lifecycle management, discovery, notification, and automation.

Prerequisites

To configure a DigiCert One CA account, you will need the following:
  • DigiCert One account base URL
  • API Key or Client Authentication certificate (depending on the authentication mode)

Configuring a DigiCert One CA Account

  1. Go to (Menu) > SIGN+ > ADMINISTRATION > Certificate Authority.
    The Certificate Authority page is displayed.
  2. On the Certificate Authority page, from the CA list displayed on the left, select DigiCert.
    The Certificate Authority page for DigiCert is displayed.
  3. Click the DigiCert One tab.
  4. To create your first DigiCert One CA account, click Configure Now.
    OR

    Click +Add.

    The Certificate Authority page is updated to display the form fields for configuring a DigiCert One CA account.
  5. Enter/Select the General Information for the CA account.
    Table 1. General Information - Field Description Table
    Field: Description
    *CA Account name: A unique name to identify the CA setting. No special characters other than ‘.’, ‘-’, ‘_’ are allowed. Names should not start with special characters.
    *Purpose/Usage: Certificate Type for which CLM actions will be enabled.
      Example: Server, Client
    Proxy Required: Enable this field if the CA communication needs to happen via a proxy. The proxy details configured in general settings will be used for communication.
    Data Center (AppViewX's CA agent): Select the data center through which the CA communication needs to happen.
    *: Mandatory fields
  6. Enter/Select the CA Configuration details.
    Table 2. General Information - Field Description Table
    Field: Description
    *Base URL: Hostname of the DigiCert One instance. For example, http://one.digicert.com
    *Authentication method: From the following options, select an authentication method for authenticating the API requests:
      • API Token: To authenticate the API requests with an API token, select this option.
      • Client Certificate: To authenticate the API requests using a client certificate file, select this option.
      Important: Currently, only the API Token authentication method is supported.
    *API Key: Enter the API key that will be used for authentication.
      Note: You will be assigned an API key when you log in to your DigiCert One instance and create a user.
    Allow Seat ID during enrollment: Seat ID is a unique user-defined value assigned to identify an entity in the DigiCert One account. The seat ID for a certificate is used for certificate enrollment, renewal, and regeneration.
      For the certificates enrolled for this CA account, you can either assign a unique seat ID for each certificate or a common one for all the certificates.
      To assign a unique Seat ID for the certificates enrolled for this CA account, select this checkbox.
      If you select this option, the field to specify the seat ID is hidden from the CA settings form and is included in the certificate enrollment form.
    *Seat ID: Seat ID is a unique user-defined value assigned to identify an entity in the DigiCert One account. The seat ID for a certificate is used for certificate enrollment, renewal, and regeneration.
      To have a common Seat ID for all certificates enrolled for this CA account.
    Use DigiCert One to switch certificates from DigiCert MPKI: To automatically switch your DigiCert MPKI certificates to DigiCert One at the time of auto regeneration, select this checkbox.
      Important: For multiple CA accounts with automatic CA switch enabled, CA switch will use CA settings configured for the first CA account for which the automatic CA switch is enabled.
      Note: To manually switch CAs, refer to the instructions here.
    *: Mandatory fields
  7. To fetch the profiles assigned to the configured user, which will be used during certificate enrollment, policy creation, and throughout the product, click Fetch Certificate Profiles.
    All certificate profiles configured with “enrollment_method”: rest_api and “authentication_method”: third_party_app are displayed.
  8. Click Save.
    The CA account is listed in the inventory table.
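
The field rules from steps 5 to 7, written as a pre-flight check to run over planned CA account definitions before entering them in the form. This is an added example, not AppViewX or DigiCert code. The dictionary keys, the sample data, the ASCII-only name pattern, the reading of "first" as list order and the https check are assumptions made here.

```python
import re
from urllib.parse import urlsplit

# Keys are hypothetical (modelled on this page's form labels), not a vendor schema.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")  # assumption: ASCII, no spaces
MANDATORY = ("name", "purpose", "base_url", "auth_method", "api_key")

def lint_account(acct):
    """Return findings for one planned CA account definition."""
    out = [f"missing mandatory field: {k}" for k in MANDATORY if not acct.get(k)]
    if acct.get("name") and not NAME_RE.fullmatch(acct["name"]):
        out.append("name: only '.', '-', '_' allowed, and not as first character")
    if acct.get("auth_method") and acct["auth_method"] != "api_token":
        out.append("auth_method: only API Token is currently supported")
    if acct.get("base_url") and urlsplit(acct["base_url"]).scheme != "https":
        # Added hardening check, not a rule from this page: the key rides on every request.
        out.append("base_url: not https, API key would be sent in cleartext")
    per_cert = bool(acct.get("seat_id_at_enrollment"))
    if per_cert and acct.get("seat_id"):
        out.append("seat_id: set here although seat IDs are given per enrollment")
    if not per_cert and not acct.get("seat_id"):
        out.append("missing mandatory field: seat_id")
    return out

def switch_account(accounts):
    """(account the automatic MPKI switch uses, ignored ones); assumes list order = 'first'."""
    enabled = [a["name"] for a in accounts if a.get("auto_ca_switch")]
    return (enabled[0] if enabled else None), enabled[1:]

def visible_profiles(profiles):
    """Names of profiles that Fetch Certificate Profiles would display (step 7)."""
    return [p["name"] for p in profiles
            if p.get("enrollment_method") == "rest_api"
            and p.get("authentication_method") == "third_party_app"]

# Constructed sample data: placeholder host, key and profile values.
BASE = {"purpose": "Server", "base_url": "https://pki.example.test",
        "auth_method": "api_token", "api_key": "<API_KEY>"}
ACCOUNTS = [
    dict(BASE, name="tlm-prod", seat_id="seat-01", auto_ca_switch=True),
    dict(BASE, name="tlm.dr", seat_id_at_enrollment=True, auto_ca_switch=True),
    dict(BASE, name="_lab", base_url="http://pki.example.test", auth_method="client_certificate"),
]
PROFILES = [
    {"name": "tls-server", "enrollment_method": "rest_api", "authentication_method": "third_party_app"},
    {"name": "tls-other", "enrollment_method": "constructed_other", "authentication_method": "third_party_app"},
]

if __name__ == "__main__":
    print([lint_account(a) for a in ACCOUNTS], switch_account(ACCOUNTS), visible_profiles(PROFILES))
```

With the sample data, the third account produces four findings, and the second account's automatic switch setting is reported as ignored because an earlier account already has it enabled.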

Validating the DigiCert One CA Account Connection

Once the DigiCert One CA settings are added, validate that the connection between AppViewX and DigiCert One is configured correctly:
  1. Go to (Menu) > SIGN+ > ADMINISTRATION > Certificate Authority.
    The Certificate Authority page is displayed.
  2. On the Certificate Authority page, from the CA list displayed on the left, select DigiCert.
    The Certificate Authority page for DigiCert is displayed.
  3. Click the DigiCert One tab.
    All existing DigiCert CA accounts are listed in the inventory on this page.
  4. From the Connection Status column, click Check.
    The CA communication is validated and a success/failure message is displayed.