Certificate enrollment

The enrollment process begins when your administrator sends you an invitation email or provides you with a URL for the self-enrollment form.

Enroll for a certificate

The enrollment process is the same for all certificate types, but the fields in the enrollment form differ based on the certificate type and the method of certificate signing request (CSR) generation.

Before beginning the enrollment process, confirm with your administrator whether you are required to install the Sectigo Security for Windows application.

  • SSL

  • Client

  • Device

  • Code signing

  1. Access and authenticate to the SCM self-enrollment interface using the email or direct URL provided by your SCM administrator.

    For information on authentication methods, see Authentication and Authorization Methods.

  2. If you are not taken directly to the enrollment form, click Enroll Certificate.

  3. Use the appropriate authorization method to access the corresponding enrollment account.

    If you have multiple enrollment accounts, you may see multiple authorization methods. Each authorization method corresponds to a different enrollment account. Some accounts may not require authorization.

  4. Complete the enrollment form based on the information provided in the following table.

    Field Description

    Certificate Profile

    The certificate profile to be used for certificate issuance.

    Certificate Term

    The validity period of the certificate. The available terms depend on the configuration of the certificate profile.

    CSR

    The certificate signing request (CSR) to be used for certificate issuance.

    Key Type

    The key size or curve to be used to generate the cryptographic key pair for the certificate.

    Common Name

    The common name (CN) to be used for certificate issuance.

    Subject Alternative Name

    Additional domain names, IP addresses, email addresses, or other identifiers that the certificate should be valid for.

    DCV Mode

    The method used to perform Domain Control Validation (DCV).

    The possible options are:

    • CNAME

    • TXT

    • HTTP/S

    • EMAIL

    External Requesters

    The email address of any external requester(s).

    Comments

    Comments or notes about the certificate.

    Auto-Renew

    Whether the certificate should be automatically renewed when it is about to expire.

    Days Before Expiration

    The number of days before expiration to attempt certificate auto-renewal.

    Custom Fields

    The available custom fields depend on the configuration of the certificate profile.

    Incorporation or Registration Agency

    Incorporation/Registration Agency

    The agency with which the organization is incorporated or registered.

    DUN and Bradstreet Number

    A unique nine-digit identifier for businesses, provided by the company Dun & Bradstreet.

    Business Category

    The industry or sector the company operates in.

    Main Telephone Number

    The contact phone number of the organization.

    Jurisdiction of Incorporation City or Town

    The city or town where the company was incorporated.

    State or Province of Incorporation

    The state or province where the company was incorporated.

    Country of Incorporation

    The country where the company was incorporated.

    Date of Incorporation

    The date when the company was officially incorporated.

    Registration Number

    A unique number assigned by the incorporating agency when a company is formed.

    Certificate requester

    Title or Position

    The professional title of the certificate requester.

    First Name

    The first name of the certificate requester.

    Last Name

    The last name of the certificate requester.

    Email Address

    The email address of the certificate requester.

    Direct Telephone Number

    The contact phone number of the certificate requester.

    Address

    The street address where the certificate requester does business.

    City or Town

    The city or town where the certificate requester does business.

    State or Province

    The state or province where the certificate requester does business.

    Postal Code (ZIP Code)

    The ZIP/postal code where the certificate requester does business.

    Country

    The country where the certificate requester does business.

    Relationship

    The nature of the certificate requester’s relationship with the organization (such as, employee or third party).

    Contract Signer

    Title or Position

    The professional title of the contract signer.

    First Name

    The first name of the contract signer.

    Last Name

    The last name of the contract signer.

    Email Address

    The email address of the contract signer.

    Direct Telephone Number

    The contact phone number of the contract signer.

    Address

    The street address where the contract signer does business.

    City or Town

    The city or town where the contract signer does business.

    State or Province

    The state or province where the contract signer does business.

    Postal Code (ZIP Code)

    The ZIP/postal code where the contract signer does business.

    Country

    The country where the contract signer does business.

    Relationship

    The nature of the contract signer’s relationship with the organizations (such as, employee or third party).

  5. If prompted, review the EULA, and select I have read and agree to the terms of the EULA.

  6. Click Submit.

    Since the enrollment form may be configured to require approval from your SCM administrator, it is best practice to immediately notify your administrator that you have submitted a request.

  7. (Sectigo Security for Windows only) If prompted, click Open SectigoSecurityWF to launch the Sectigo Security for Windows application.

Depending on the configuration of the enrollment form, you may be prompted to download the certificate and private key immediately. Alternatively, you may receive an email notification when your certificate is ready for download.

You can also return to the SCM self-enrollment interface at any time to download your certificate.

  1. Access and authenticate to the SCM self-enrollment interface using the email or direct URL provided by your SCM administrator.

    For information on authentication methods, see Authentication and Authorization Methods.

  2. If you are not taken directly to the enrollment form, click Enroll Certificate.

  3. Use the appropriate authorization method to access the corresponding enrollment account.

    If you have multiple enrollment accounts, you may see multiple authorization methods. Each authorization method corresponds to a different enrollment account. Some accounts may not require authorization.

  4. Complete the enrollment form based on the information provided in the following table.

    Field Description

    Certificate Profile

    The certificate profile to be used for certificate issuance.

    Certificate Term

    The validity period of the certificate. The available terms depend on the configuration of the certificate profile.

    Key Type

    The key size or curve to be used to generate the cryptographic key pair for the certificate.

    CSR

    The certificate signing request (CSR) for the device certificate. The CSR must match one of the key types supported by the certificate profile.

    First Name

    The first name of the certificate subject.

    Middle Name

    The middle name of the certificate subject.

    Last Name

    The last name of the certificate subject.

    Comments

    Comments or notes about the certificate.

    Custom Fields

    The available custom fields depend on the configuration of the certificate profile.

  5. If prompted, review the EULA, and select I have read and agree to the terms of the EULA.

  6. Click Submit.

  7. (Sectigo Security for Windows only) If prompted, click Open SectigoSecurityWF to launch the Sectigo Security for Windows application.

Depending on the configuration of the enrollment form, you may be prompted to download the certificate and private key immediately. Alternatively, you may receive an email notification when your certificate is ready for download.

You can also return to the SCM self-enrollment interface at any time to download your certificate.

  1. Access and authenticate to the SCM self-enrollment interface using the email or direct URL provided by your SCM administrator.

    For information on authentication methods, see Authentication and Authorization Methods.

  2. If you are not taken directly to the enrollment form, click Enroll Certificate.

  3. Use the appropriate authorization method to access the corresponding enrollment account.

    If you have multiple enrollment accounts, you may see multiple authorization methods. Each authorization method corresponds to a different enrollment account. Some accounts may not require authorization.

  4. Complete the enrollment form based on the information provided in the following table.

    Field Description

    Certificate Profile

    The certificate profile to be used for certificate issuance.

    Certificate Term

    The validity period of the certificate. The available terms depend on the configuration of the certificate profile.

    Key Type

    The key size or curve to be used to generate the cryptographic key pair for the certificate.

    Common Name

    The common name (CN) to be used for certificate issuance.

    CSR

    The certificate signing request (CSR) for the device certificate. The CSR must match one of the key types supported by the certificate profile.

    Comments

    Comments or notes about the certificate.

    Custom Fields

    The available custom fields depend on the configuration of the certificate profile.

  5. If prompted, review the EULA, and select I have read and agree to the terms of the EULA.

  6. Click Submit.

    Since the enrollment form may be configured to require approval from your SCM administrator, it is best practice to immediately notify your administrator that you have submitted a request.

  7. (Sectigo Security for Windows only) If prompted, click Open SectigoSecurityWF to launch the Sectigo Security for Windows application.

Depending on the configuration of the enrollment form, you may be prompted to download the certificate and private key immediately. Alternatively, you may receive an email notification when your certificate is ready for download.

You can also return to the SCM self-enrollment interface at any time to download your certificate.

  1. Access and authenticate to the SCM self-enrollment interface using the email provided by your SCM administrator.

    For information on authentication methods, see Authentication and Authorization Methods.

  2. If you are not taken directly to the enrollment form, click Enroll Certificate.

  3. Use the appropriate authorization method to access the corresponding enrollment account.

    If you have multiple enrollment accounts, you may see multiple authorization methods. Each authorization method corresponds to a different enrollment account. Some accounts may not require authorization.

  4. Complete the enrollment form based on the information provided in the following table.

    Field Description

    Certificate Term

    The validity period of the certificate. The available terms depend on the configuration of the certificate profile.

    Certificate Email (SAN)

    Additional domain names, IP addresses, email addresses, or other identifiers that the certificate should be valid for.

    First Name

    The first name of the certificate subject.

    Last Name

    The last name of the certificate subject.

    Shipping Type

    The shipping method for the physical token.

    CSR

    The certificate signing request (CSR) for the device certificate. The CSR must match one of the key types supported by the certificate profile.

    Key Attestation

    The attestation key created in the hardware security module (HSM) during key generation.

    HSM Type

    The type of HSM to be used for key storage.

    The currently supported HSM types are:

    • Luna

    • Yubikey

    • Marvell/Google

    • Fortanix

    • YubiHSM2

    • nCipher

    For additional information about key attestation, see Key Attestation Code Signing Guide for Enterprise Customers.

    Comments

    Comments or notes about the certificate.

    Custom Fields

    The available custom fields depend on the configuration of the certificate profile.

    Incorporation or Registration Agency

    Jurisdiction of Incorporation City or Town

    The city or town where the company was incorporated.

    State or Province of Incorporation

    The state or province where the company was incorporated.

    Country of Incorporation

    The country where the company was incorporated.

    Business Category

    The industry or sector the company operates in.

    Shipping Details

    Organization Name

    The name of the organization receiving the token.

    Organization Unit Name

    The name of the department or division within the organization to receive the token.

    Street Address 1, 2, 3

    The street address of the organization receiving the token.

    City or Town

    The city or town of the organization receiving the token.

    State or Province

    The state or province of the organization receiving the token.

    Postal Code

    The zip/postal code of the organization receiving the token.

    Country

    The country of the organization receiving the token.

    Title

    The professional title of the individual receiving the token.

    First Name

    The first name of the individual receiving the token.

    Last Name

    The last name of the individual receiving the token.

    Email Address

    The email address of the individual receiving the token.

    Phone Number

    The phone number of the individual receiving the token.

  5. If prompted, review the EULA, and select I have read and agree to the terms of the EULA.

  6. Click Submit.

  7. (Sectigo Security for Windows only) If prompted, click Open SectigoSecurityWF to launch the Sectigo Security for Windows application.

Depending on the configuration of the enrollment form, you may be prompted to download the certificate and private key immediately. Alternatively, you may receive an email notification when your certificate is ready for download.

You can also return to the SCM self-enrollment interface at any time to download your certificate.