This document provides information on how to sign a certificate with DigiCert in Segura, since the creation of the certificate authority until the revocation of the certificate.
Requirements
- A DigiCert account with proper permissions.
- A credit card valid to buy the certificate.
- A domain available to validate the certificate.
Obtain DigiCert user details
To configure DigiCert on Segura, you need your DigiCert user details.
- Access DigiCert, and log in to your account.
- Click Account > User to find your user details, even your username.
Generate an API Key
- Access DigiCert, and log in to your account.
- In your DigiCert account, go to Automation > API Keys.
- Click Add API Key to create a new key to your user.
Get the Account ID
- Use the API Key generated on the previous step to access DigiCert's Account API.
- The response of the API will be an
JSON
with your Account ID. - Enter the data on Segura, filling the Certificate Authority fields with the obtained API Key and Account ID.
- Click Save.
Create a certificate authority on Segura
For information on how to create a DigiCert CA on Segura, see How to integrate with a DigiCert CA.
Create an organization on Segura
For information on how to create an organization on Segura, see How to configure organizations.
Generate a Certificate Signing Request (CSR)
- On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
- In the side menu, select Requests > SSL/TLS.
- In the top right corner, click Add.
- Enter the following certificate information:
- Type of certificate.
- Type of domain.
- Organization: Select the organization created previously. (For example: MT4 Tecnologia LTDA).
- Common Name: Enter the domain to be protected by the certificate. (For example:
www.yourdomain.com
).CautionThis domain must be accessible on the Internet for validation purposes.
- Expiration (in days): For test purposes, select the 7 days options to reduce costs.
- Encryption algorithm: Choose between RSA and DSA. For this example, we will use RSA.
- Length of the cryptographic key: Choose between 4096, 2048, and 1024. For this example, we will use 4096.
- Certificate Signature Algorithm: Choose between SHA256, SHA384, and SHA512. For this example, we will use SHA256.Info
Data related to the RapidSSL Standard DV certificate valid for up to 7 days costs $1.13.
- Additional configuration: Select the option to use the previously created CA.
- Save all configurations.
Add funds in DigiCert
- In your DigiCert account, access your financial section in Finances > Deposit Funds.
- Add funds.
- Select the desired certificate type.
- Enter the required value.
The RapidSSL Standard DV certificate valid for up to 7 days costs $1.
- Enter your credit card data, and click Submit.
Sign a CSR
- On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
- In the side menu, select Requests > SSL/TLS.
- In the desired request, click Actions > Request signature.
- In the General tab, enter the system data.
- In the Additional information tab, enter the CA information to sign the certificate.
- Choose the desired type of domain validation. (For example: DNS TXT).
- Click Save.
- DigiCert will generate a request, and the certificate's status will be Waiting Signature.
Validate the domain
- In your DigiCert account, access the buying order in Certificates > Orders.
- Find the order, and click the number of your buying order.
- Go to Prove control over domains.
- DigiCert will generate a unique
TXT
code to validate your domain. Copy this code. - Create a new
.txt
in your domain. - Access the DNS configurations in your domain.
- Create a new
.txt
registry with the code from the previous step. - Wait for the DNS propagation.Info
The DNS propagation can take some time to finish.
- Verify the domain.
- In the DigiCert page, click Check site so DigiCert validates your domain.
- Wait for the certificate to be issued.
After the validation of your domain, the certificate will be issued by DigiCert, and will be available on Segura after a couple of minutes.
Revoke the certificate (if necessary)
- On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
- In the side menu, select Certificates > SSL/TLS.
- In the desired certificate, click Actions > Revoke certificate.
- Click Yes to confirm the revocation.
- A request will be sent to DigiCert.
Approve the revoke request in DigiCert
- In your DigiCert account, and go to Certificates > Requests.
- You will see a revoke request pending.
- Approve the request to revoke the certificate.
- After approval, the status of the certificate on Segura will be changed to Revoked.
Do you still have questions? Reach out to the Segura Community.