Sectigo.com
Shop Enterprise Partners Resources

Adding SSL certificates

Enroll an SSL certificate in SCM

Domains must be added and validated before enrolling for publicly trusted SSL certificates. For more information, see Understanding domains.

  • Using a Certificate Signing Request ( CSR )

  • Generation of CSR

  • Generation of CSR with Auto-Installation

  • Generation of CSR in Azure Key Vault

  1. Navigate to Certificates  SSL Certificates.

  2. Click the Add icon.

  3. Select Using a Certificate Signing Request (CSR), and click Next.

  4. Complete the Details tab fields based on the information provided in the following table.

    Field Description

    Organization

    The organization to which the certificate belongs.

    Department

    The department to which the certificate belongs.

    Certificate Profile

    The certificate profile to be used for certificate issuance.

    Certificate Term

    The validity period of the certificate. The available terms are dependent on the certificate profile.

    Comments

    Comments or notes about the certificate.

    External Requesters

    The email address of any external requester(s).
    Depending on your configuration, additional custom fields may be available.

  5. Click Next.

  6. On the CSR tab, paste your CSR, and click Next.

  7. Complete the Domains tab.

    1. If prompted, enter any required Subject Alternative Names (SANs).

    2. Click Next.

  8. If prompted, on the EV details tab, review the EV details, and click Next.

    EV details for the organization can be updated on the Organizations page. For more information, see Update EV details.

  9. Complete the Auto-Renewal tab.

    1. (Optional) Enable auto-renewal.

      1. Specify whether or not a new key pair should be created when the certificate is renewed.

      2. Set the number of days prior to expiration that the certificate should be renewed.

    2. Click Next/OK.

  10. If prompted, read the EULAs, select I Agree for each, and click OK.

This requires the configuration of a private key agent. For more information, see Understanding private key agents.

  1. Navigate to Certificates  SSL Certificates.

  2. Click the Add icon.

  3. Select Generation of CSR, and click Next.

  4. Complete the Details tab fields based on the information provided in the following table.

    Field Description

    Organization

    The organization to which the certificate belongs.

    Department

    The department to which the certificate belongs.

    Certificate Profile

    The certificate profile to be used for certificate issuance.

    Certificate Term

    The validity period of the certificate. The available terms are dependent on the certificate profile.

    Comments

    Comments or notes about the certificate.

    External Requesters

    The email address of any external requester(s).
    Depending on your configuration, additional custom fields may be available.

  5. Click Next.

  6. Complete the Private Key tab.

    1. Select a key type.

    2. (Optional) Set a password required to download the private key for the issued certificate.

      Make note of the password for future use.

    3. Click Next.

  7. Complete the Domains tab.

    1. Enter the domain for which the certificate will be issued.

    2. Enter any required Subject Alternative Names (SANs).

    3. Click Next.

  8. If prompted, on the EV details tab, review the EV details, and click Next.

    EV details for the organization can be updated on the Organizations page. For more information, see Update EV details.

  9. Complete the Auto-Renewal tab.

    1. (Optional) Enable auto-renewal.

      1. Specify whether or not a new key pair should be created when the certificate is renewed.

      2. Set the number of days prior to expiration that the certificate should be renewed.

    2. Click Next/OK.

  10. If prompted, read the EULAs, select I Agree for each, and click OK.

This requires the configuration of a network agent for the appropriate organization. For more information, see Understanding network agents.

  1. Navigate to Certificates  SSL Certificates.

  2. Click the Add icon.

  3. Select Generation of CSR with Auto-Installation, and click Next.

  4. Complete the Details tab fields based on the information provided in the following table.

    Field Description

    Organization

    The organization to which the certificate belongs.

    Department

    The department to which the certificate belongs.

    Certificate Profile

    The certificate profile to be used for certificate issuance.

    Certificate Term

    The validity period of the certificate. The available terms are dependent on the certificate profile.

    Comments

    Comments or notes about the certificate.

    External Requesters

    The email address of any external requester(s).
    Depending on your configuration, additional custom fields may be available.

  5. Click Next.

  6. Complete the Private Key tab.

    1. Select a key type.

    2. Click Next.

  7. Complete the Domains tab.

    1. Enter the domain for which the certificate will be issued.

    2. Enter any required Subject Alternative Names (SANs).

    3. Click Next.

  8. If prompted, on the EV details tab, review the EV details, and click Next.

    EV details for the organization can be updated on the Organizations page. For more information, see Update EV details.

  9. Complete the Nodes & Ports tab.

    For information on configuring nodes and ports, see Configuring network agents.

    1. Click the Add icon.

    2. Select the node(s) to which the certificate will be installed.

    3. Click Next.

  10. Complete the Auto-installation tab.

    1. Specify whether certificate installation should be performed manually or on a schedule.

    2. If scheduled, configure the installation schedule.

    3. Click Next.

  11. Complete the Auto-Renewal tab.

    1. (Optional) Enable auto-renewal.

      1. Specify whether or not a new key pair should be created when the certificate is renewed.

      2. Set the number of days prior to expiration that the certificate should be renewed.

    2. Click Next/OK.

  12. If prompted, read the EULAs, select I Agree for each, and click OK.

This requires the configuration of Azure Key Vault. For more information, see Configuring Azure Key Vault.

  1. Navigate to Certificates  SSL Certificates.

  2. Click the Add icon.

  3. Select Generation of CSR in Azure Key Vault, and click Next.

  4. Complete the Details tab fields based on the information provided in the following table.

    Field Description

    Organization

    The organization to which the certificate belongs.

    Department

    The department to which the certificate belongs.

    Certificate Profile

    The certificate profile to be used for certificate issuance.

    Certificate Term

    The validity period of the certificate. The available terms are dependent on the certificate profile.

    Comments

    Comments or notes about the certificate.

    External Requesters

    The email address of any external requester(s).
    Depending on your configuration, additional custom fields may be available.

  5. Click Next.

  6. Complete the Private Key tab based on the information provided in the following table.

    Field Description

    Azure Account

    The name of the SCM Azure account configured for the Azure Key Vault.

    Resource Group

    The name of the resource group in Azure containing the appropriate Azure Key Vault.

    Key Vault

    The name of the Azure Key Vault in which the CSR should be generated.

    Key Type

    The key size or curve to be used for encrypting the private key.

    Reuse Key

    Indicates whether the existing private key should be reused when renewing the certificate. If this policy is changed in Azure, the Azure policy will take precedence during certificate renewal or replacement.

    Once the certificate is issued, this setting cannot be changed.

    Exportable Key

    Indicates whether the private key can be exported from the Azure Key Vault. If this policy is changed in Azure, the Azure policy will take precedence during certificate renewal or replacement.

    Once the certificate is issued, this setting cannot be changed.

    Store Key in HSM

    Indicates whether the key will be stored in a hardware security module (HSM).

    Once the certificate is issued, this setting cannot be changed.

  7. Click Next.

  8. Complete the Domains tab.

    1. Enter the domain for which the certificate will be issued.

    2. Enter any required Subject Alternative Names (SANs).

    3. Click Next.

  9. If prompted, on the EV details tab, review the EV details, and click Next.

    EV details for the organization can be updated on the Organizations page. For more information, see Update EV details.

  10. Complete the Auto-Renewal tab.

    1. (Optional) Enable auto-renewal.

      1. Specify whether or not a new key pair should be created when the certificate is renewed.

      2. Set the number of days prior to expiration that the certificate should be renewed.

    2. Click Next/OK.

  11. If prompted, read the EULAs, select I Agree for each, and click OK.

Import SSL certificates

  1. Navigate to Certificates  SSL Certificates.

  2. Click the Import icon.

  3. Select the organization to which the certificates will be assigned.

  4. (Optional) Select the department to which the certificates will be assigned.

  5. Click Next.

  6. Click the Upload SSL button.

  7. Select your .zip file, and click Open.

    Certificates in the .zip file must be in .cer, .crt, or .pem format.