Configure SCM
This page provides the steps to validate the domains, create an ACME account, and obtain EAB values in SCM.
Validate the domains
-
Log in to SCM at
https://cert-manager.com/customer/<customer_uri>
with the MRAO administrator credentials provided to your organization.Sectigo runs multiple instances of SCM. The main instance of SCM is accessible at
https://cert-manager.com
. If your account is on a different instance, adjust the URL accordingly. -
(Optional) Navigate to the Organizations page to see if an organization with departments already exists. On this page you can create a new organization or add departments to an existing organization.
To add an organization:
-
Click Add.
-
Complete the fields with the organization’s details, then click Next.
-
Configure settings for specific types of certificates.
-
Click Save.
-
Select the newly created organization from the list of organizations.
-
Click Add Department and complete the fields with the department’s details.
-
Click Validate to start the validation process for this organization.
-
-
Navigate to the Domains page.
-
To create a new domain entry, click Add.
-
Specify the domain name, select the organizations/departments to delegate the domain to, and the allowed certificate types.
-
Click Save.
-
If your organization or department requires delegations to be approved:
-
Select the newly created domain from the list of domains.
-
Click Approve Delegations.
-
Select the organization or department, then click Approve.
To change the organization or department which the domain is delegated to, click Delegate and select the appropriate Organizations/Departments.
-
-
(Public CA only) Validate your domain:
For single-domain DV certificates, domains can be validated by using SCM or ACME challenge validation. All other types of certificates require domains to be validated in SCM. -
Select your domain and click Validate.
-
Select the appropriate DCV method as per your initial setup.
The following steps assume that you selected Email as the DCV method. -
Click Next.
-
In Select an email address, select a registered email.
-
Click Submit.
A message confirms that the validation letter was sent to your selected email.
-
Click OK.
-
Follow the instructions provided in the email to validate your domain.
Once the domain is validated, its Status will change to Validated on the Domains page.
-
Create an ACME account and obtain the EAB values
-
Log in to SCM at
https://cert-manager.com/customer/<customer_uri>
with the MRAO administrator credentials provided to your organization.Sectigo runs multiple instances of SCM. The main instance of SCM is accessible at
https://cert-manager.com
. If your account is on a different instance, adjust the URL accordingly. -
Navigate to
. -
Select your ACME endpoint.
-
Click Accounts.
-
Click Add and provide the following details:
-
Name: A name for the ACME account
-
Organization: The organization to be associated with the ACME account
-
Department: (Optional) The department to be associated with the ACME account
-
-
Click Save.
External Account Binding (EAB) is now created for the new ACME account.
Make a note of the following ACME account details for client registration:
-
ACME URL
-
Key ID
-
HMAC Key
Once the client is successfully registered, these values will be erased from the system.
-
-
Click Close.