DigiCert SSL Integration with Password Manager Pro

Password Manager Pro (PMP) integrates with DigiCert certificate signing authority, allowing enterprises to automate the end-to-end management of web server certificates signed and issued by DigiCert, from a centralized platform. This document discusses the steps to manage the life cycle operations of SSL/TLS certificates issued by DigiCert, directly from PMP's web interface; these operations include importing existing orders, certificate requests, provisioning, deployment, and renewal of certificates.

Before you proceed with the integration, complete the following step as a prerequisite:

Prerequisite

Add the following base URL and port as an exception in your firewall or proxy to ensure PMP is able to connect to DigiCert's CA Services.
URL: https://www.digicert.com/services/v2/
Port: 443

Follow the step-by-step procedure below to integrate DigiCert with PMP:

  1. Configuring DigiCert CertCentral API key details

    1.1 Steps to generate API key in DigiCert CertCentral

    1.2 Steps to apply the API key in PMP

  2. Pre-validating organizations/domains in DigiCert CertCentral
  3. Importing existing orders
  4. Creating a certificate order
  5. Issuing certificates
  6. Managing certificates

1. Configuring DigiCert CertCentral API Key Details

To request and manage DigiCert certificates from Password Manager Pro, you need to link your Password Manager Pro account with your DigiCert CertCentral account. To achieve this, you must apply your CertCentral API key details in PMP.

If you do not have a DigiCert account already, follow the steps below to sign up for a new account: 

  1. Go to DigiCert's sign up page and fill in the required details.
  2. Once the account is created, navigate to DigiCert's login page and log into the CertCentral portal using your DigiCert credentials.
  3. Once logged in, generate your CertCentral API key by following the below steps.

1.1 Steps to Generate API Key in DigiCert CertCentral

  1. Go to Automation on the left pane of the CertCentral portal and click Add API Key.
  2. In the window that opens, enter a Name and Description for the API key, assign a User. The user assigned should have admin privileges in digicert. 
  3. Click Add.
  4. A new API key is generated and displayed in a different window. Copy the key and store it in a secure location, for it will not be displayed again.

Click here for more about CertCentral account creation and API key generation process.

1.2 Steps to Apply the API Key in PMP

  1. Once you have generated the API key, login to Password Manager Pro and navigate to Certificates >> DigiCert.
  2. You will be prompted to enter the API key. Provide the key details and click Save. (Remember, applying the API key in PMP is a one-time operation)

Now the key is saved and your CertCentral account is successfully linked to your PMP account.

2. Pre-validating Organizations/Domains in DigiCert CertCentral
(To be performed in the DigiCert CertCentral portal)

Before placing orders for DigiCert certificates from PMP, you must have your domains/organizations pre-validated from the DigiCert CertCentral portal. Once the pre-validation process is complete, you can proceed with certificate issuance and renewals for those domains/organizations. Read more about the pre-validation process in the CertCentral user guide.

3. Importing Existing Orders

The next step is to import all certificate orders from your CertCentral portal into the PMP repository. Follow the below steps:

  1. Navigate to Certificates >> DigiCert tab.
  2. Click Import Existing Orders from the More drop down in the top bar.
  3. Select the Expired or Revoked option to exclude the expired or revoked certificates from getting added to the PMP certificate repository during import. This can save the license count for SSL certificates in your installation without affecting the number of order details fetched into PMP.
  4. Once the required option is selected, click Import.

All the existing certificate orders associated with your DigiCert CertCentral account will be imported into the PMP repository.

4. Creating a Certificate Order

Once you have successfully linked your CertCentral account to your PMP account by providing the API key details, you can place orders for DigiCert SSL/TLS certificates directly from the PMP interface.

Follow the below steps to place a new certificate order:

  1. Navigate to Certificates >> DigiCert and click Order Certificate.
  2. In the Order Certificate window, choose the Product Name, Validity, Signature Algorithm, Algorithm Length, Keystore Type, Server Platform, Payment Method and Organization.
  3. Enter the Common Name. You can also specify the Validity in number of days, or enter a Custom Expiration Date
  4. After filling in the details, click Create.

Notes:

  • Product name, payment, and organization fields are fetched and displayed according to the permissions provided in the CertCentral portal.
  • For certificate validity, the value given for Custom Expiry Date overrides the values given for Validity Days and Validity in years. The value given for Validity Days overrides the value given for Validity.
  • The payment for orders placed from PMP is handled by the CertCentral portal. If you face any issues with the payment, please contact the CertCentral customer support team.

5. Issuing Certificates

  1. Once a certificate order is successfully created, you can view it under Certificates >> DigiCert tab along with the certificate order status. 
  2. To track the certificate availability for an order, select the order and click Check Order Status from the top bar. The order status is checked automatically through a schedule every day. During the scheduled check if the certificate is available, it is fetched and added to the PMP certificate repository.
  3. To track the validation status for domains/organizations from PMP, choose an order and click More >> Check Validation Status from the top menu.
  4. To filter your order view according to the order status, click the Show drop-down from the top menu and select from the options Expired, Revoked, or Rejected to customize your repository display. For other statuses such as Issued or Pending, select the Other option.

Note: Certificates issued are automatically added to the PMP repository only if you have the required license count. If not, you need to purchase an add-on for more keys and certificates before attempting to import new certificates.

6. Managing Certificates

Follow the below steps to renew, revoke, delete or request reissue for certificates or cancel certificate orders from PMP.

Navigate to Certificates >> DigiCert.

6.1 Renewing a Certificate

  1. Select the required certificate and click Renew Certificate from the top bar.
  2. Ensure that you have the domain(s) / organization pre-validated from CertCentral portal before requesting for a renewal.
  3. On successful validation, certificate is issued and automatically added to the PMP certificate repository.

6.2 Requesting for a Certificate Reissue

  1. Select the required certificate and click Reissue Certificate from the top bar.
  2. Ensure that you have the domain(s) / organization pre-validated from CertCentral portal before requesting for a certificate reissue.
  3. On successful validation, the certificate is reissued and automatically added to the PMP certificate repository.

6.3 Revoking a Certificate

  1. Select the required certificate and click Revoke Certificate from the More drop down in the top bar.
  2. The certificate is revoked. Switch to Certificates tab and delete the certificate to remove it from the PMP repository.

6.4 Deleting a Certificate Request

  1. Select the required order and click Delete from the More drop down in the top bar.
  2. The certificate request is deleted from PMP.

6.5 Canceling a Certificate Order

  1. Select the required order and click Cancel Order from the More drop down in the top bar.
  2. The certificate order is canceled.

©2014, ZOHO Corp. All Rights Reserved.

Top