Certificate enrollment
The enrollment process begins when your administrator sends you an invitation email or provides you with a URL for the self-enrollment form.
Enroll for a certificate
The enrollment process is the same for all certificate types, but the fields in the enrollment form differ based on the certificate type and the method of certificate signing request (CSR) generation.
| Before beginning the enrollment process, confirm with your administrator whether you are required to install the Sectigo Security for Windows application. |
-
Access and authenticate to the SCM self-enrollment interface using the email or direct URL provided by your SCM administrator.
For information on authentication methods, see Authentication and Authorization Methods. -
If you are not taken directly to the enrollment form, click Enroll Certificate.
-
Use the appropriate authorization method to access the corresponding enrollment account.
If you have multiple enrollment accounts, you may see multiple authorization methods. Each authorization method corresponds to a different enrollment account. Some accounts may not require authorization. -
Complete the enrollment form based on the information provided in the following table.
Field Description Certificate Profile
The certificate profile to be used for certificate issuance.
Certificate Term
The validity period of the certificate. The available terms depend on the configuration of the certificate profile.
CSR
The certificate signing request (CSR) to be used for certificate issuance.
Key Type
The key size or curve to be used to generate the cryptographic key pair for the certificate.
Common Name
The common name (CN) to be used for certificate issuance.
Subject Alternative Name
Additional domain names, IP addresses, email addresses, or other identifiers that the certificate should be valid for.
External Requesters
The email address of any external requester(s).
Comments
Comments or notes about the certificate.
Auto-Renew
Whether the certificate should be automatically renewed when it is about to expire.
Days before expiration
The number of days before expiration to attempt certificate auto-renewal.
Custom Fields
The available custom fields depend on the configuration of the certificate profile.
-
If prompted, review the EULA, and select I have read and agree to the terms of the EULA.
-
Click Submit.
Since the enrollment form may be configured to require approval from your SCM administrator, it is best practice to immediately notify your administrator that you have submitted a request. -
(Sectigo Security for Windows only) If prompted, click Open SectigoSecurityWF to launch the Sectigo Security for Windows application.
Depending on the configuration of the enrollment form, you may be prompted to download the certificate and private key immediately. Alternatively, you may receive an email notification when your certificate is ready for download.
| You can also return to the SCM self-enrollment interface at any time to download your certificate. |
-
Access and authenticate to the SCM self-enrollment interface using the email or direct URL provided by your SCM administrator.
For information on authentication methods, see Authentication and Authorization Methods. -
If you are not taken directly to the enrollment form, click Enroll Certificate.
-
Use the appropriate authorization method to access the corresponding enrollment account.
If you have multiple enrollment accounts, you may see multiple authorization methods. Each authorization method corresponds to a different enrollment account. Some accounts may not require authorization. -
Complete the enrollment form based on the information provided in the following table.
Field Description Certificate Profile
The certificate profile to be used for certificate issuance.
Certificate Term
The validity period of the certificate. The available terms depend on the configuration of the certificate profile.
Key Type
The key size or curve to be used to generate the cryptographic key pair for the certificate.
CSR
The certificate signing request (CSR) for the device certificate. The CSR must match one of the key types supported by the certificate profile.
First name
The first name of the certificate subject.
Middle name
The middle name of the certificate subject.
Last name
The last name of the certificate subject.
Comments
Comments or notes about the certificate.
Custom Fields
The available custom fields depend on the configuration of the certificate profile.
-
If prompted, review the EULA, and select I have read and agree to the terms of the EULA.
-
Click Submit.
-
(Sectigo Security for Windows only) If prompted, click Open SectigoSecurityWF to launch the Sectigo Security for Windows application.
Depending on the configuration of the enrollment form, you may be prompted to download the certificate and private key immediately. Alternatively, you may receive an email notification when your certificate is ready for download.
| You can also return to the SCM self-enrollment interface at any time to download your certificate. |
-
Access and authenticate to the SCM self-enrollment interface using the email or direct URL provided by your SCM administrator.
For information on authentication methods, see Authentication and Authorization Methods. -
If you are not taken directly to the enrollment form, click Enroll Certificate.
-
Use the appropriate authorization method to access the corresponding enrollment account.
If you have multiple enrollment accounts, you may see multiple authorization methods. Each authorization method corresponds to a different enrollment account. Some accounts may not require authorization. -
Complete the enrollment form based on the information provided in the following table.
Field Description Certificate Profile
The certificate profile to be used for certificate issuance.
Certificate Term
The validity period of the certificate. The available terms depend on the configuration of the certificate profile.
Key Type
The key size or curve to be used to generate the cryptographic key pair for the certificate.
Common Name
The common name (CN) to be used for certificate issuance.
CSR
The certificate signing request (CSR) for the device certificate. The CSR must match one of the key types supported by the certificate profile.
Comments
Comments or notes about the certificate.
Custom Fields
The available custom fields depend on the configuration of the certificate profile.
-
If prompted, review the EULA, and select I have read and agree to the terms of the EULA.
-
Click Submit.
Since the enrollment form may be configured to require approval from your SCM administrator, it is best practice to immediately notify your administrator that you have submitted a request. -
(Sectigo Security for Windows only) If prompted, click Open SectigoSecurityWF to launch the Sectigo Security for Windows application.
Depending on the configuration of the enrollment form, you may be prompted to download the certificate and private key immediately. Alternatively, you may receive an email notification when your certificate is ready for download.
| You can also return to the SCM self-enrollment interface at any time to download your certificate. |
-
Access and authenticate to the SCM self-enrollment interface using the email provided by your SCM administrator.
For information on authentication methods, see Authentication and Authorization Methods. -
If you are not taken directly to the enrollment form, click Enroll Certificate.
-
Use the appropriate authorization method to access the corresponding enrollment account.
If you have multiple enrollment accounts, you may see multiple authorization methods. Each authorization method corresponds to a different enrollment account. Some accounts may not require authorization. -
Complete the enrollment form based on the information provided in the following table.
Field Description Certificate Term
The validity period of the certificate. The available terms depend on the configuration of the certificate profile.
Certificate Email (SAN)
Additional domain names, IP addresses, email addresses, or other identifiers that the certificate should be valid for.
First name
The first name of the certificate subject.
Last name
The last name of the certificate subject.
Shipping Type
The shipping method for the physical token.
CSR
The certificate signing request (CSR) for the device certificate. The CSR must match one of the key types supported by the certificate profile.
Key Attestation
The attestation key created in the hardware security module (HSM) during key generation.
HSM Type
The type of HSM to be used for key storage.
The currently supported HSM types are:
-
Luna
-
Yubikey
-
Marvell/Google
-
Fortanix
-
YubiHSM2
For additional information about key attestation, see Key Attestation Code Signing Guide for Enterprise Customers. Comments
Comments or notes about the certificate.
Custom Fields
The available custom fields depend on the configuration of the certificate profile.
When receiving a physical token, the mailing address custom fields are mandatory. -
-
If prompted, review the EULA, and select I have read and agree to the terms of the EULA.
-
Click Submit.
-
(Sectigo Security for Windows only) If prompted, click Open SectigoSecurityWF to launch the Sectigo Security for Windows application.
Depending on the configuration of the enrollment form, you may be prompted to download the certificate and private key immediately. Alternatively, you may receive an email notification when your certificate is ready for download.
| You can also return to the SCM self-enrollment interface at any time to download your certificate. |