Documentation Index

Fetch the complete documentation index at: https://docs.senhasegura.io/llms.txt

Use this file to discover all available pages before exploring further.

How to sign a certificate with DigiCert

Prev Next

This document provides information on how to sign a certificate with DigiCert in the Segura® Platform, from the creation of the certificate authority until the revocation of the certificate.

Requirements

  • A DigiCert account with proper permissions.
  • A credit card valid to buy the certificate.
  • A domain available to validate the certificate.

Obtain DigiCert user details

To configure DigiCert in the Segura® Platform, you need your DigiCert user details.

  1. Access DigiCert and log in to your account.
  2. Click Account > User to find your user details, including your username.

Generate an API Key

  1. Access DigiCert and log in to your account.
  2. In your DigiCert account, go to Automation > API Keys.
  3. Click Add API Key to create a new key to your user.

Get the Account ID

  1. Use the API Key generated on the previous step to access the DigiCert's Account API.
  2. The response of the API will be a JSON with your Account ID.
  3. Enter the data in the Segura® Platform, filling the certificate authority fields with the obtained API Key and Account ID.
  4. Click Save.

Create a certificate authority in the Segura® Platform

For information on how to create a DigiCert CA in the Segura® Platform, see How to integrate with a DigiCert CA.

Create an organization in the Segura® Platform

For information on how to create an organization in the Segura® Platform, see How to configure organizations.

Generate a Certificate Signing Request (CSR)

  1. On Segura® Platform, in the navigation bar, hover over the Products menu and select Certificate Manager.
  2. In the side menu, select Requests > SSL/TLS.
  3. In the top right corner, click Add.
  4. Enter the following certificate information:
    1. Certificate type *.
      Info

      The type of certificate selected when creating the CSR determines which DigiCert products will be available at the signing stage. For example: for EV (Extended Validation) products to appear when signing the CSR, the EV SSL — Extended SSL certificate type must have been selected during the request creation. If the expected product doesn’t appear, check the certificate type defined in the CSR and, if needed, create a new request with the correct type.

    2. Domain type *.
    3. Organizations *: Select the organization created previously. (For example: MT4 Tecnologia LTDA).
    4. Common name *: Enter the domain to be protected by the certificate. (For example: www.yourdomain.com).
      Attention

      This domain must be accessible on the Internet for validation purposes.

    5. Expiration (in days) *: For test purposes, select the 7 days option to reduce costs.
    6. Encryption algorithm *: Choose between RSA and DSA. For this example, we will use RSA.
    7. Encryption key size *: Choose between 4096, 2048, and 1024. For this example, we will use 4096.
    8. Certificate signature algorithm *: Choose between SHA256, SHA384, and SHA512. For this example, we will use SHA256.
    9. Additional configuration: Select the option to use the previously created CA.
  5. Save all configurations.

Add funds in DigiCert

  1. In your DigiCert account, access your financial section in Finances > Deposit Funds.
  2. Add funds.
  3. Select the desired certificate type.
  4. Enter the required value.
  5. Enter your credit card data and click Submit.

Sign a CSR

  1. On Segura® Platform, in the navigation bar, hover over the Products menu and select Certificate Manager.
  2. In the side menu, select Requests > SSL/TLS.
  3. In the desired request, click Actions > Request signature.
    1. In the General tab, enter the system data.
    2. In the Additional information tab, enter the CA information to sign the certificate.
    3. Choose the desired type of domain validation. (For example: DNS TXT).
    4. Click Save.
  4. DigiCert will generate a request, and the certificate's status will be Waiting signature.
Info

The products available for signing (e.g., Basic EV, Secure Site Pro SSL) depend on the certificate type selected in the CSR.

Validate the domain

  1. In your DigiCert account, access the buying order in Certificates > Orders.
  2. Find the order and click the number of your buying order.
  3. Go to Prove control over domains.
  4. DigiCert will generate a unique TXT code to validate your domain. Copy this code.
  5. Create a new .txt in your domain.
  6. Access the DNS configurations in your domain.
  7. Create a new .txt registry with the code from the previous step.
  8. Wait for the DNS propagation.
    Info

    The DNS propagation can take some time to finish.

  9. Verify the domain.
  10. In the DigiCert page, click Check site so DigiCert validates your domain.
  11. Wait for the certificate to be issued.

After the validation of your domain, the certificate will be issued by DigiCert and will be available on Segura® Platform after a couple of minutes.

Revoke the certificate (if necessary)

  1. On Segura® Platform, in the navigation bar, hover over the Products menu and select Certificate Manager.
  2. In the side menu, select Certificates > SSL/TLS.
  3. In the desired certificate, click Actions > Revoke certificate.
  4. Click Yes to confirm the revocation.
  5. A request will be sent to DigiCert.

Approve the revoke request in DigiCert

  1. In your DigiCert account, go to Certificates > Requests.
  2. You will see a revoke request pending.
  3. Approve the request to revoke the certificate.
Digital sovereignty is a fundamental right for citizens, institutions, and society. That’s why we work every day.
Connect With Us
SEGURA
LEARN
EXPLORE
Copyright © Segura. All Rights Reserved