Managing enrollment forms
Edit an enrollment form
-
Navigate to
. -
Select the enrollment form you want to edit, and click Edit.
-
Update the enrollment form name.
-
Click the Edit icon in the top right of the Edit Enrollment Endpoint dialog.
-
Update the enrollment form name as required.
-
Click Next.
-
-
Update the Configuration tab based on the information provided in the following table.
Field Description Authentication Types
The authentication types that can be used to access the enrollment form.
The possible types are:
-
Email Confirmation — The enrollment form can be accessed using an email confirmation.
For client certificate enrollment, the provided email must be from a domain delegated to the organization or department.
-
Identity Provider — The enrollment form can be accessed using your configured identity provider.
IDP authentication is required in order to see or use enrollment form accounts that are configured with the IdP assertion mapping authorization method.
-
Secret ID — The enrollment form can be accessed using the email and secret ID of a Person in SCM who is associated with the account’s organization or department.
Help Instructions
Instructions that will be displayed to users when they access the enrollment form.
URL Link Text
Clickable text to be displayed in the enrollment form that, when clicked, redirects users to the URL provided in the URL Address field.
URL Address
The URL for an external source for additional instructions.
-
-
Click Save.
Delegate an enrollment form
-
Navigate to
. -
Select the enrollment form you want to delegate, and click Delegate.
-
Specify the Delegation Mode based on the information in the following table.
Field Description General
When selected, the enrollment form is available for all organizations and departments.
Customized
When selected, the enrollment form is available for only the selected organizations and departments.
-
Click Save.
Delete an enrollment form
-
Navigate to
. -
Select the enrollment form you want to delete, and click the Delete icon.
-
Click Delete.
Managing enrollment form accounts
Edit an enrollment form account
-
Navigate to
. -
Select the enrollment form with the account you want to edit, and click Accounts.
-
Select the account you want to edit, and click Edit.
-
Update the Edit Web Form Account dialog based on the information provided in the following table.
Field Description Name
The name of the account.
Profiles
The certificate profiles available when enrolling certificates through this account.
CSR generation method
The method used to generate the certificate signing request (CSR) for certificates requested through this account.
-
Browser — The CSR and private key are generated directly in the browser. The private key remains secure as it is not stored in SCM or visible to Sectigo. This method supports the issuance of SSL, Client, Device, and Code-Signing certificates. The issued certificate and private key can be downloaded in
.p12
format. -
Server — The CSR and private key are generated in SCM. Because Sectigo has visibility of the private key, this method only supports the issuance of Client, Device, and Code-Signing certificates. When used to request Client certificates, the private key is eligible for storage in Sectigo Key Vault. The issued certificate and private key can be downloaded in
.p12
format. -
Provided by user — The CSR is created and provided by the requestor. This method supports the issuance of SSL, Client, Device, and Code-Signing certificates. The issued certificate and private key are not available in
.p12
format. -
Sectigo Security App — The CSR and private key are generated using the Sectigo Security application installed on the requestor’s machine. This method supports the issuance of SSL, Client, and Device certificates. The issued certificate is directly transferred to the Sectigo Security App for installation.
Automatically approve certificate requests
When selected, certificate requests are automatically approved without needing administrator approval in SCM. This overrides any approval requirements configured in the certificate profile.
Allow Auto Renew SSL Certificates
When selected, SSL certificates are eligible for automatic renewal configuration during enrollment.
Allow Empty PKCS12 Password for Compatible TripleDES-SHA1
When selected, users can leave the password field empty when requesting the certificate. Setting a password is recommended as not all applications support non-password protected certificates.
Preferred key protection algorithm
The default key protection algorithm selected in the enrollment form for certificates requested through this account. Users can still select a different algorithm when requesting the certificate.
-
No preference — The account is accessible to any user that can authenticate to the enrollment endpoint.
-
Secure AES256-SHA256 — The key protection algorithm is set to AES256-SHA256.
-
Compatible TripleDES-SHA1 — The key protection algorithm is set to TripleDES-SHA1.
Authorization method
The method used to authorize user access to the account.
The options are:
-
None — No authorization is required for the account.
-
Access Code — When Access Code is selected as the authorization method, you provide an access code for the account. Following authentication to the enrollment form, users can enter this access code to access the account.
-
IDP assertions mapping — When ID assertions mapping is selected as the authorization method, you can click Edit to map IDP assertions authorize users to access the account automatically when authenticating through their IDP.
The following IDP assertions are available for mapping:
-
cn — The user’s full name or common name.
-
displayname — A human-readable display name for the user.
-
entitlement — Information about the user’s access rights or permissions.
-
eppn — A unique identifier for individuals within education and research institutions, often resembling an email address.
-
givenname — The user’s first name.
-
groups — Information about the user’s group memberships or affiliations.
-
mail — The user’s email address.
-
schachomeorganization — The user’s organization identifier.
-
sn — The user’s last name or surname.
-
uid — A unique identifier for the user within an organization or system.
-
-