Concept
Infisical can issue OV and EV TLS certificates directly from DigiCert CertCentral using the CertCentral Services API.Prerequisites
- A DigiCert App Connection with a validated CertCentral API key.
- A CertCentral Organization that has been pre-validated by DigiCert
- Entitlement to either the OV or EV SSL product on your CertCentral account.
Create a DigiCert Certificate Authority
- Infisical UI
- API
Create a DigiCert App Connection
Follow the DigiCert App Connection guide to store your CertCentral API key in Infisical.
Create the External CA
In Certificate Manager, go to Settings → Certificate Authorities, click Create CA in the External Certificate Authorities section, choose DigiCert CertCentral as the type, and fill out the form:
- App Connection — the DigiCert connection you created
- Organization — the CertCentral organization that should appear on issued certificates
- Product — the CertCentral entitlement this CA will issue under
DigiCert Validation Workflow
When you request a certificate through a DigiCert CertCentral CA, the request moves through these states:| State | Description |
|---|---|
| Pending Validation | DigiCert has accepted the order. Complete domain control validation in DigiCert CertCentral. |
| Issued | Infisical polls DigiCert and downloads the certificate once validation completes. Click Trigger Validation to force an immediate check. |
| Failed | If DigiCert does not issue within 24 hours. Complete validation on CertCentral and submit a new request. |
OV and EV certificates require manual domain validation on the DigiCert CertCentral side before issuance.
FAQ
What happens when I revoke a DigiCert-issued certificate in Infisical?
What happens when I revoke a DigiCert-issued certificate in Infisical?
Revoking the certificate in Infisical immediately marks it
Revoked in the local inventory
and submits a revocation request to DigiCert CertCentral against the underlying order.
Depending on your CertCentral account’s revocation policy, DigiCert may queue that request for
administrator approval before the certificate is actually revoked on their side.What’s Next
Now that your DigiCert CA is configured, set up the infrastructure to issue certificates:Certificate Profiles
Create a profile that references your DigiCert CA.
Applications
Create an Application, attach a profile, and configure enrollment.
Enrollment Methods
Choose how certificates are requested — API, ACME, EST, or SCEP.
Quick Start
Issue your first certificate end-to-end.