# Integrating Sectigo Certificate Manager with Key Manager Plus Cloud Key Manager Plus Cloud facilitates integration with Sectigo Certificate Manager (SCM), a PKI management platform that specializes in managing SSL/TLS certificates, SSH keys, and various other digital identities. The integration leverages SCM's API and allows Key Manager Plus Cloud to act as a centralized platform where you can import and manage SSL or TLS certificates from the SCM. Automate the lifecycle management of these certificates through diverse operations that are supported by the integration. This document details the steps to manage the lifecycle of SSL/TLS certificates issued by the SCM, which includes importing existing orders, creating new certificate requests, deployment, and renewal of certificates. 1. [Setting up Sectigo Certificate Manager](https://www.manageengine.com/key-manager/help-cloud/ca-sectigo.html#Setting_up_Sectigo_Certificate_Manager) 2. [Importing Existing Certificate Orders](https://www.manageengine.com/key-manager/help-cloud/ca-sectigo.html#Importing_Existing_Certificate_Orders) 3. [Creating a New Certificate Orders](https://www.manageengine.com/key-manager/help-cloud/ca-sectigo.html#Creating_New_Certificate_Orders) 4. [Checking Order Status](https://www.manageengine.com/key-manager/help-cloud/ca-sectigo.html#Checking_Order_Status) 5. [Managing Certificates Issued by Sectigo Certificate Manager](https://www.manageengine.com/key-manager/help-cloud/ca-sectigo.html#Managing_Certificates_Issued_by_Sectigo_Certificate_Manager) ## 1. Setting up Sectigo Certificate Manager To begin managing SSL certificates issued by SCM, add the SCM account in Key Manager Plus Cloud and link the unique Customer URI. For users who does not have an SCM account, contact the Sectigo team to sign up and get the login credentials and Customer URI. Follow the below steps to link the SCM account with Key Manager Plus Cloud and begin the integration process: 1. Log in to the Key Manager Plus Cloud, navigate to **Integrations >> Public CA Integrations >> Sectigo** and click **Manage**. ![ca-sectigo-1](https://cdn.manageengine.com/sites/meweb/images/key-manager/help-cloud/ca-sectigo-1.png) 2. Under **Account**, enter the SCM **Username, Password**, your unique **Customer URI**. 3. Click **Save**. This is a one-time operation. Users can find your Customer URI suffixed in the SCM login URL as shown below: ![ca-sectigo-2](https://cdn.manageengine.com/sites/meweb/images/key-manager/help-cloud/ca-sectigo-2.png) The SCM account details are saved and it is now successfully linked to the Key Manager Plus Cloud account. **Caution** - For this integration to work as expected, the SCM account should have the **MRAO Admin user** role in the Sectigo portal. - The user profile under the SCM account you are using should contain pre-validated domains and organizations. To send certificate requests, Key Manager Plus Cloud fetches the existing domains, organizations, and certificate profiles from the SCM. Since the SCM issues certificates based on certificate profiles and pre-validated domains, this step is vital to ensure success of the integration. Once the integration is complete, all the organizations, domains, and certificate profiles listed in your SCM account will be imported into Key Manager Plus Cloud and displayed under individual tabs, along with their ID and status. This information is updated once a week through an automated schedule. **Additional Detail** To manually sync the SCM account, click the **Sync** option available under each tab. After successfully linking the SCM account with Key Manager Plus Cloud, users can start importing existing certificate orders or creating new certificate orders directly from Key Manager Plus Cloud. ![ca-sectigo-3](https://cdn.manageengine.com/sites/meweb/images/key-manager/help-cloud/ca-sectigo-3.png) ## 2. Importing Existing Certificate Orders If the users have an active SCM account, they likely have the existing certificate orders that can be managed using SCM. Apart from creating new certificate orders, users can also import all the existing orders from the SCM portal and manage them from Key Manager Plus Cloud. To do so, follow the steps below: 1. Log in to Key Manager Plus Cloud and navigate to **Integrations >> Public CA Integrations >> Sectigo**. 2. Click **More >> Import Existing Orders** from the top menu. ![ca-sectigo-4](https://cdn.manageengine.com/sites/meweb/images/key-manager/help-cloud/ca-sectigo-4.png) 3. Select the required option and click **Import**. All the existing certificate orders associated with the SCM account are imported into Key Manager Plus Cloud. ## 3. Creating New Certificate Orders To place a new certificate order, follow the steps below: 1. Navigate to **Integrations >> Public CA Integrations >> Sectigo** and click **Order Certificate** from the top menu. ![ca-sectigo-5](https://cdn.manageengine.com/sites/meweb/images/key-manager/help-cloud/ca-sectigo-5.png) 2. In the form that opens, enter the following attributes: **Common Name, SAN, Organization, Certificate Profile, Term, Key Algorithm, Key Size, Keystore Type, Keystore Password, Comments**, and **External Requester Emails**. 3. Ensure that the appropriate **Certificate Profile** is selected. Also, ensure that the comment does not exceed 1024 characters. 4. Verify the details and click **Create**. **Additional Detail** If there is any mismatch in the SCM-related details, please verify them on the Sectigo portal and then perform a manual sync under **Sectigo >> Manage** in Key Manager Plus Cloud to refresh the details view. ## 4. Checking Order Status Once a certificate order is successfully created, users can view it under the **Integrations >> Public CA Integrations >> Sectigo** tab with its status displayed to the right. To track the certificate availability for an order, select the order and click **Check Order Status** from the top menu. Once a certificate is issued, it is fetched and added to Key Manager Plus Cloud. Users will be able to view it under **SSL >> Certificates**. Typically, the status of your certificate orders is checked automatically every day through a schedule. This way, whenever a certificate is available, it is fetched and added to Key Manager Plus Cloud. **Additional Detail** Please note that the certificates that are issued are automatically added to Key Manager Plus Cloud only if there is enough license count. If not, users should renew your Key Manager Plus Cloud license before attempting to import any certificates. ## 5. Managing Certificates Issued by Sectigo Certificate Manager Users can renew, revoke, delete, or request reissuance of certificates or cancel certificate orders from Key Manager Plus Cloud. ### 5.1 Renewing Certificates The below sections details how to renew certificates issued by Sectigo Certificate Manager. **5.1.1 Manual Certificate Renewal** To renew the desired certificates manually, perform the steps that follow: 1. Navigate to **Integrations >> Public CA Integrations >> Sectigo**. 2. Select the required certificate and click **Renew Certificate** from the top menu. 3. In the confirmation pop-up that appears, click **OK**. Upon successful validation, the certificate is issued and will be automatically added to Key Manager Plus Cloud. **5.1.2 Automated Certificate Renewal** To configure the auto-renewal process for the desired certificates, perform the steps that follow: 1. Navigate to **Integrations >> Public CA Integrations >> Sectigo** and click **Manage** from the top right pane. 2. From the page that appears, navigate to the **Auto-Renewal** section and enable the **Auto-Renew** button. ![ca-sectigo-6](https://cdn.manageengine.com/sites/meweb/images/key-manager/help-cloud/ca-sectigo-6.png) 3. Enter the number of days before expiry in which the auto-renewal process is to be carried out. 4. Select the desired certificates that are to be auto-renewed and click **Save**. 5. Based on the configured details, the auto-renewal process will be carried out. Click the **Auto-Renewal Audit** to get insights about the certificates renewed through the auto-renewal process. ### 5.2 Reissuing Certificates To reissue the required certificates, do the steps that follow: 1. Navigate to **Integrations >> Public CA Integrations >> Sectigo**. 2. Select the required certificate and click **Reissue Certificate** from the top menu. 3. In the window that appears, verify the **Common Name, SAN, Key, Key Algorithm, Key Size**, and **Keystore Type**. ![ca-sectigo-7](https://cdn.manageengine.com/sites/meweb/images/key-manager/help-cloud/ca-sectigo-7.png) 4. Enter or generate the **Keystore Password** and the **Reason** for reissuing the certificate. Upon successful validation, the certificate is issued and will be automatically added to Key Manager Plus Cloud. ### 5.3 Revoking Certificates To revoke the certificates, do the steps that follow: 1. Navigate to **Integrations >> Public CA Integrations >> Sectigo**. 2. Select the required certificate and click **More >> Revoke Certificate** from the top menu. 3. In the pop-up window that appears, enter the **Comments** to revoke the certificate order and click **Revoke**. 4. The certificate is revoked. Go to the **SSL >> Certificates** tab and delete the certificate to remove it from Key Manager Plus Cloud. ### 5.4 Deleting Certificate Orders To delete the certificate orders, do the steps that follow: 1. Navigate to **Integrations >> Public CA Integrations >> Sectigo**. 2. Select the required order and click **More >> Delete** from the top menu. 3. In the confirmation dialog box that appears, click **OK** to delete the certificate order. The certificate request is deleted from Key Manager Plus Cloud. **Additional Detail** Using the **Delete** option only removes the certificate from Key Manager Plus Cloud, and users can no longer manage it from the product. However, it does not delete the certificate request from the SCM—the certificate can still be viewed and managed from the SCM portal.