DigiCert SSL Integration with Password Manager Pro
Password Manager Pro integrates with DigiCert certificate signing authority, allowing enterprises to automate the end-to-end management of web server certificates signed and issued by DigiCert, from a centralized platform. This document discusses the steps to manage the life cycle operations of SSL/TLS certificates issued by DigiCert, directly from Password Manager Pro's web interface; these operations include importing existing orders, certificate requests, provisioning, deployment, and renewal of certificates.
Before you proceed with the integration, complete the following step as a prerequisite:
Prerequisite
Add the following base URL and port as an exception in your firewall or proxy to ensure Password Manager Pro is able to connect to DigiCert's CA Services.
URL: https://www.digicert.com/services/v2/
Port: 443
Follow the step-by-step procedure below to integrate DigiCert with Password Manager Pro:
- Configuring DigiCert CertCentral API key details
- Pre-validating organizations/domains in DigiCert CertCentral
- Importing existing orders
- Creating a certificate order
- Issuing certificates
- Managing certificates
1. Configuring DigiCert CertCentral API Key Details
To request and manage DigiCert certificates from Password Manager Pro, you need to link your Password Manager Pro account with your DigiCert CertCentral account. To achieve this, you must apply your CertCentral API key details in Password Manager Pro.
If you do not have a DigiCert account already, follow the steps below to sign up for a new account:
- Go to DigiCert's sign up page and fill in the required details.
- Once the account is created, navigate to DigiCert's login page and log into the CertCentral portal using your DigiCert credentials.
- Once logged in, generate your CertCentral API key by following the below steps.
1.1 Steps to Generate API Key in DigiCert CertCentral
- Go to Automation on the left pane of the CertCentral portal and click Add API Key.
- In the window that opens, enter a Name and Description for the API key, assign a User. The user assigned should have admin privileges in digicert.
- Click Add.
- A new API key is generated and displayed in a different window. Copy the key and store it in a secure location, for it will not be displayed again.
Click here for more about CertCentral account creation and API key generation process.
1.2 Steps to Apply the API Key in Password Manager Pro
- Once you have generated the API key, login to Password Manager Pro and navigate to Certificates >> DigiCert.
- You will be prompted to enter the API key. Provide the key details and click Save (Remember, applying the API key in Password Manager Pro is a one-time operation).
Now the key is saved and your CertCentral account is successfully linked to your Password Manager Pro account.
2. Pre-validating Organizations/Domains in DigiCert CertCentral
(To be performed in the DigiCert CertCentral portal)
Before placing orders for DigiCert certificates from Password Manager Pro, you must have your domains/organizations pre-validated from the DigiCert CertCentral portal. Once the pre-validation process is complete, you can proceed with certificate issuance and renewals for those domains/organizations. Read more about the pre-validation process in the CertCentral user guide.
3. Importing Existing Orders
The next step is to import all certificate orders from your CertCentral portal into the Password Manager Pro repository. Follow the below steps:
- Navigate to the Certificates >> DigiCert tab.
- Click Import Existing Orders from the More dropdown in the top bar.
- Select the Expired or Revoked option to exclude the expired or revoked certificates from getting added to the Password Manager Pro certificate repository during import. This can save the license count for SSL certificates in your installation without affecting the number of order details fetched into Password Manager Pro.
- Once the required option is selected, click Import.
All the existing certificate orders associated with your DigiCert CertCentral account will be imported into the Password Manager Pro repository.
4. Creating a Certificate Order
Once you have successfully linked your CertCentral account to your Password Manager Pro account by providing the API key details, you can place orders for DigiCert SSL/TLS certificates directly from the Password Manager Pro interface.
Follow the below steps to place a new certificate order:
- Navigate to Certificates >> DigiCert and click Order Certificate.
- In the Order Certificate window, choose the Product Name, Validity, Signature Algorithm, Algorithm Length, Keystore Type, Server Platform, Payment Method and Organization.
- Enter the Common Name. You can also specify the Validity in number of days, or enter a Custom Expiration Date.
- After filling in the details, click Create.
- Product name, payment, and organization fields are fetched and displayed according to the permissions provided in the CertCentral portal.
- For certificate validity, the value given for Custom Expiry Date overrides the values given for Validity Days and Validity in years. The value given for Validity Days overrides the value given for Validity.
- The payment for orders placed from Password Manager Pro is handled by the CertCentral portal. If you face any issues with the payment, please contact the CertCentral customer support team.
5. Issuing Certificates
- Once a certificate order is successfully created, you can view it under the Certificates >> DigiCert tab along with the certificate order status.
- To track the certificate availability for an order, select the order and click Check Order Status from the top bar. The order status is checked automatically through a schedule every day. During the scheduled check if the certificate is available, it is fetched and added to the Password Manager Pro certificate repository.
- To track the validation status for domains/organizations from Password Manager Pro, choose an order and click More >> Check Validation Status from the top menu.
- To filter your order view according to the order status, click the Show dropdown from the top menu and select from the options Expired, Revoked, or Rejected to customize your repository display. For other statuses such as Issued or Pending, select the Other option.
Note: Certificates issued are automatically added to the Password Manager Pro repository only if you have the required license count. If not, you need to purchase an add-on for more keys and certificates before attempting to import new certificates.
6. Managing Certificates
Follow the below steps to renew, revoke, delete or request reissue for certificates or cancel certificate orders from Password Manager Pro.
Navigate to Certificates >> DigiCert.
6.1 Renewing a Certificate
- Select the required certificate and click Renew Certificate from the top bar.
- Ensure that you have the domain(s) / organization pre-validated from CertCentral portal before requesting for a renewal.
- On successful validation, certificate is issued and automatically added to the Password Manager Pro certificate repository.
6.2 Requesting for a Certificate Reissue
- Select the required certificate and click Reissue Certificate from the top bar.
- Ensure that you have the domain(s) / organization pre-validated from CertCentral portal before requesting for a certificate reissue.
- On successful validation, the certificate is reissued and automatically added to the Password Manager Pro certificate repository.
6.3 Revoking a Certificate
- Select the required certificate and click Revoke Certificate from the More dropdown in the top bar.
- The certificate is revoked. Switch to Certificates tab and delete the certificate to remove it from the Password Manager Pro repository.
6.4 Deleting a Certificate Request
- Select the required order and click Delete from the More dropdown in the top bar.
- The certificate request is deleted from Password Manager Pro.
6.5 Canceling a Certificate Order
- Select the required order and click Cancel Order from the More dropdown in the top bar.
- The certificate order is canceled.