# Integrating DigiCert SSL Certificate Authority with Key Manager Plus Cloud

Key Manager Plus Cloud facilitates integration with DigiCert certificate signing authority, allowing enterprises to automate the end-to-end management of web server certificates signed and issued by DigiCert, from a centralized platform. This document discusses the steps to manage the lifecycle of SSL certificates issued by DigiCert, directly from Key Manager Plus Cloud; these operations include importing existing orders, requesting certificates, provisioning, deploying certificates, and renewing certificates.

Follow the step-by-step procedure below to integrate DigiCert CA with Key Manager Plus Cloud:

1. [Configuring DigiCert CertCentral API Key Details](#configuring-digicert-certcentral-api-key-details)
2. [Importing Existing Certificate Orders](#importing-existing-certificate-orders)
3. [Creating New Certificate Orders](#creating-new-certificate-orders)
4. [Checking Order Status](#checking-order-status)
5. [Managing Certificates Issued by DigiCert CA](#managing-certificates-issued-by-digicert-ca)

## 1. Configuring DigiCert CertCentral API Key Details

To request and manage DigiCert certificates from Key Manager Plus Cloud, link the Key Manager Plus Cloud account with your DigiCert CertCentral account. To achieve this, apply your CertCentral API key details in Key Manager Plus Cloud.

**Case 1: When you do not have a DigiCert account**

If you do not have a DigiCert account already, follow the steps below to sign up for a new account:

1. Go to the [DigiCert sign up page](https://www.digicert.com/account/signup/) and fill in the required details to sign up for an account.
2. Once the account is created, navigate to the [DigiCert login page](https://www.digicert.com/secure/) and log into the CertCentral portal using your DigiCert credentials.
3. Once logged in, generate your CertCentral API key by following the below steps.
4. Navigate to **Automation** on the left pane of the CertCentral portal and click **Add API Key**.
5. In the window that opens, enter a **Name** and **Description** for the API key, and assign a **User**. The user assigned should have admin privileges in DigiCert.

**Additional Detail**

The user assigned should have admin privileges in DigiCert.

6. Click **Add** to generate a new API key. It is generated and displayed in a different window. Copy the key and store it in a secure location because it will not be displayed again.
7. Click [here](https://dev.digicert.com/authentication/) for more details about CertCentral account creation and API key generation process.
8. Once you have generated the API key, log in to Key Manager Plus Cloud and navigate to **Integrations >> Public CA Integrations >> DigiCert**.
9. Click **Manage >> Account** and click **Add**.

![ca-digicert-1](https://cdn.manageengine.com/sites/meweb/images/key-manager/help-cloud/ca-digicert-1.png)

10. In the pop-up window that appears, provide the key details and click **Save** (Remember that applying the API key in Key Manager Plus Cloud is a one-time operation).

Now the key will be saved and your CertCentral account will be successfully linked to your Key Manager Plus Cloud account.

**Case 2: When you have a DigiCert account**

If you already have an account with DigiCert CertCentral already, perform the below steps to generate your API key from the CertCentral portal and input it in Key Manager Plus Cloud:

1. [Log in](https://www.digicert.com/account/login.php) to your CertCentral account, and generate the API key using the steps mentioned in [Case 1](https://www.manageengine.com/key-manager/help-cloud/ca-digicert.html#Case1).
2. Once you have generated the API key, switch to Key Manager Plus Cloud interface, navigate to **Integrations >> Public CA Integrations >> DigiCert**.
3. Click **Add**. Provide the **API key Name, Key**, and click **Save**. This is a one-time operation.

Your CertCentral account is now successfully linked with your Key Manager Plus Cloud account.

**Additional Detail**

To delete an API key, select the keys you wish to delete and click **Delete** from the top pane. In the pop-up that appears, click **OK**.

Upon successfully linking both your CertCentral and Key Manager Plus Cloud accounts by providing the necessary API key details and pre-validating, you can place orders for DigiCert SSL or TLS certificates directly from Key Manager Plus Cloud.

## 2. Importing Existing Certificate Orders

The next step is to import all certificate orders from your CertCentral portal into Key Manager Plus Cloud. To import existing orders, follow these steps:

1. Navigate to **Integrations >> Public CA Integrations >> DigiCert**.
2. Click **Import Existing Orders** from the **More** top menu.
3. When importing the existing orders, users can choose to exclude the expired or revoked certificates from being added to Key Manager Plus Cloud certificate inventory (This option is provided to help users save the license count by excluding the addition of unnecessary certificates into Key Manager Plus Cloud. However, irrespective of the option chosen, all the order details are imported into Key Manager Plus Cloud).

![ca-digicert-2](https://cdn.manageengine.com/sites/meweb/images/key-manager/help-cloud/ca-digicert-2.png)

4. Select the **API Key Name** and the required options. Then, click **Import**.
5. All the existing certificate orders associated with the CertCentral account are imported into Key Manager Plus Cloud.

## 3. Creating New Certificate Orders

**Additional Detail**

Before creating certificate orders, you can [pre-validate domain ownership](https://docs.digicert.com/en/certcentral/manage-certificates/organization-and-domain-management/manage-domains/supported-domain-control-validation--dcv--methods-for-domain-prevalidation.html) from the CertCentral portal.

To create a new certificate order, follow these steps:

1. Navigate to **Integrations >> Public CA Integrations >> DigiCert** and click **Order Certificate**.
2. In the window that opens, choose the product name, validity, signature algorithm, algorithm length, Keystore type, server platform, payment method, and organization.

![ca-digicert-3](https://cdn.manageengine.com/sites/meweb/images/key-manager/help-cloud/ca-digicert-3.png)

3. Provide the common name. You can additionally specify the validity in number of days or provide a custom expiration date.
4. After filling in the details, click **Create**.

**Additional Details**

- Key Manager Plus Cloud allows you to import both client certificates and server certificates from the DigiCert repository.
- Product name, payment, and organization fields are fetched and displayed according to the permissions provided in CertCentral portal.
- For certificate validity, inputs given for 'Custom Expiry Date' override 'Validity Days', which in turn override the input given for 'Validity'.
- The payment for orders placed from Key Manager Plus Cloud is handled by the CertCentral portal. Should you face any issues/discrepancies with payment, please contact the CertCentral customer support team.

Once you have created new certificate orders, your domain ownership will be validated and the certificates will be issued by the DigiCert CA.

## 4. Checking Order Status

Once a certificate order is successfully created, users can view it under **Integrations >> Public CA Integrations >> DigiCert** with its status displayed to the right view. Users can track the certificate availability for an order by selecting the order and clicking on **Check Order Status** from the top menu. If the certificate is issued, it is fetched and added to Key Manager Plus Cloud. Also, the order status is checked automatically every day on a scheduled basis.

![ca-digicert-4](https://cdn.manageengine.com/sites/meweb/images/key-manager/help-cloud/ca-digicert-4.png)

Additionally, users can track the validation status for domains or organizations from Key Manager Plus Cloud. Choose an order and click **Check Validation Status** from the top menu. To filter your order view according to the order status, click **Show** from the top menu and select from the options **Expired, Revoked**, or **Rejected** to customize your inventory display. For other statuses, such as **Issued** or **Pending**, select the **Other** option.

**Additional Detail**

Certificates issued are automatically added to Key Manager Plus Cloud, only if users have the required license count. If not, users should renew their Key Manager Plus Cloud license before attempting to import the certificate.

## 5. Managing Certificates Issued by DigiCert CA

Follow the below steps to cancel certificate orders, renew, revoke, delete, or request reissue for certificates from **Integrations >> Public CA Integrations >> DigiCert** in Key Manager Plus Cloud.

### 5.1 Canceling a Certificate Order

1. From the list of DigiCert certificate orders, select the required order.
2. Click **Cancel Order** from the **More** dropdown in the top menu.
3. In the pop-up window that appears, enter the **Comments** for canceling the certificate order and click **Save**.

The certificate order will be canceled.

### 5.2 Renewing Certificates

To renew certificates issued by DigiCert CA, follow the steps in the below sections:

**5.2.1 Manual Certificate Renewal**

To perform manual certificate renewal, follow the steps below:

1. Select the required certificate and click **Renew Certificate** from the top menu.
2. Ensure that you have the domains or organization pre-validated from CertCentral portal before requesting for a renewal.

Upon successful validation, the certificate will be issued and automatically added to the Key Manager Plus Cloud.

**5.2.2 Automated Certificate Renewal**

To configure the auto-renewal process for the desired certificates, perform the steps that follow:

1. Navigate to **Integrations >> Public CA Integrations >> DigiCert** and click **Manage** from the top right pane.
2. From the page that appears, navigate to the **Auto-Renewal** section and enable the auto-renewal process.

![ca-digicert-5](https://cdn.manageengine.com/sites/meweb/images/key-manager/help-cloud/ca-digicert-5.png)

3. Enter the number of days before expiry in which the auto-renewal process is to be carried out.
4. Select the desired certificates that are to be auto-renewed.
5. Select the **Algorithm Length, Keystore Type, Email, Server Platform**, and **Payment Method** for the newly renewed certificate and click **Save**.
6. Based on the configured details, the auto-renewal process will be carried out. Click **Auto-Renewal Audit** to get insights about the certificates renewed through the auto-renewal process.

### 5.3 Reissuing a Certificate

1. Select the required certificate order and click **Reissue Certificate** from the top menu.
2. On the page that appears, select the **API Key Name, Key, Algorithm Length, Keystore Type, Signature Algorithm**, and **Server Platform**.
3. Fill in the necessary details, such as **Common Name, Email, Comments** (if required) and generate **Keystore Password**.
4. Click **Reissue** to reissue certificates from the selected certificate order.
5. Ensure that you have the domains or organization pre-validated from CertCentral portal before requesting for a certificate reissue.
6. On successful validation, the certificate is reissued and automatically added to the Key Manager Plus Cloud.

### 5.4 Revoking a Certificate

1. From the list of DigiCert certificate orders, select the required order.
2. Click **Revoke Certificate** from the **More** dropdown in the top menu.
3. In the pop-up window that appears, fill in the **Comments** for the revoke.
4. Click the **Revoke** button.

The certificate will be revoked. If needed, switch to the **SSL >> Certificates** tab and delete the certificate to remove it from the Key Manager Plus Cloud.

### 5.5 Deleting a Certificate Order

1. From the list of DigiCert certificate orders, select the required orders.
2. Click **Delete** from the **More** dropdown in the top menu.
3. In the pop-up dialog box that appears, click **OK** to confirm deleting the certificate order request from Key Manager Plus Cloud.