DigiCert CertCentral PKI

Prerequisites

  • You need to validate the domain(s) for which you will issue certificates prior to their issuance. This can be done in DigiCert CertCentral in the Certificates > Domains menu.

  • You need to retrieve the organizationId from DigiCert CertCentral in the Certificates > Organizations menu.

  • You need to generate an API Key in DigiCert CertCentral using the Account > Account Access menu.

Limitations

  • Only the following fields are managed: commonName, and the subjectAltName types DNS and RFC822Name.

  • For multi-valued fields (SAN DNS and RFC822Name), if more data items are provided than are configured in DigiCert CertCentral for the given type of certificate, the excess items are ignored.

  • All limitations induced by the use of the DigiCert CertCentral REST Connector also apply.
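
A pre-flight check for the limitations above, as an added example that is not part of the Horizon or DigiCert documentation: it predicts which requested fields will be ignored, so that a certificate is not issued silently missing a name. The per-type limits and the keep-in-request-order rule are assumptions, and the function and field names are hypothetical.

```python
from dataclasses import dataclass, field

# SAN types the connector manages, per the Limitations list.
MANAGED_SAN_TYPES = ("DNS", "RFC822Name")


@dataclass
class Preflight:
    kept: dict = field(default_factory=dict)     # what should reach the certificate
    ignored: list = field(default_factory=list)  # (field, value, reason) tuples

    @property
    def ok(self):
        return not self.ignored


def preflight(subject, sans, limits):
    """Predict which requested fields survive issuance.

    subject: dict of requested subject attributes, e.g. {"commonName": "..."}
    sans:    list of (type, value) pairs in request order
    limits:  max items per SAN type for the chosen certificate type
             (hypothetical values; read the real ones from CertCentral)
    """
    result = Preflight(kept={"commonName": subject.get("commonName"),
                             "DNS": [], "RFC822Name": []})
    for name, value in subject.items():
        if name != "commonName":
            result.ignored.append((name, value, "not managed by the connector"))
    for san_type, value in sans:
        if san_type not in MANAGED_SAN_TYPES:
            result.ignored.append((san_type, value, "not managed by the connector"))
        elif len(result.kept[san_type]) >= limits.get(san_type, 0):
            # Assumption: items are kept in request order up to the limit.
            result.ignored.append((san_type, value, "exceeds configured count"))
        else:
            result.kept[san_type].append(value)
    return result


# Constructed sample request and constructed limits.
SAMPLE = preflight(
    {"commonName": "app.example.com", "organizationalUnitName": "Ops"},
    [("DNS", "app.example.com"), ("DNS", "api.example.com"),
     ("DNS", "admin.example.com"), ("RFC822Name", "pki@example.com"),
     ("IPAddress", "192.0.2.10")],
    {"DNS": 2, "RFC822Name": 1},
)
```

Running the check before submitting a request, and refusing to proceed when `ok` is false, turns a silently shortened certificate into an explicit error.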

Create the PKI connector

1. Log in to the Horizon Administration Interface.

2. Access PKI from the drawer or card: PKI > PKI Connectors.

3. Click on the Add icon.

4. Select the correct PKI type.

5. Click on the next button.

General tab

6. Fill in the common mandatory fields:

  • Connector Name* (string input):
    Choose a meaningful connector name that identifies the mapping between the PKI and the Certificate Profile. It must be unique and must not contain spaces.

  • Proxy (string select):
    If the PKI is not directly reachable from Horizon, you can set up an HTTP/HTTPS proxy to properly forward the traffic.

  • PKI Queue (string select):
    The PKI Queue used to manage the PKI Requests (enrollment, revocation).

  • Timeout (finite duration):
    The interval of time to wait for a PKI response. Once this time has passed without a response, Horizon stops trying to establish the communication. Must be a valid finite duration.

7. Click on the next button.

Details tab

8. Fill in all mandatory fields:

  • DigiCert CertCentral API endpoint* (string input or select):
    URL to access the DigiCert CertCentral API along with the certificate type to issue. Select it from the drop-down menu, or type in your "certificate offer" value and press "Enter"; the corresponding URL will be fetched automatically.

  • DigiCert CertCentral Customer Organization ID* (int):
    Enter customer organization ID.

  • DigiCert CertCentral CA Cert ID (int):
    Enter CA Cert ID, to be used for private CA only.

  • Interval before retrying to retrieve certificate (finite duration):
    Used for private CA only. The default value is set to 9 seconds.

  • Skip Approval (boolean):
    The default value is set to false.

9. Click on the next button.

Custom tab

10. Click on Add HTTP Proxy if custom data mapping is needed.

11. Fill in the PKI-custom data mapping:

  • Custom data field* (string input):

  • Label field* (select):
    Any existing Horizon Label

12. Click on the next button.

Authentication tab

13. Fill in the PKI-authentication fields:

  • DigiCert CertCentral API Key* (string input):
    Enter the API Key.

14. Click on the save button.

You can edit, duplicate or delete the DigiCert CertCentral PKI connector.