Skip to main content
banner image
venafi logo

DigiCert Private PKI for Venafi Cloud

DigiCert Private PKI for Venafi Cloud

April 18, 2017 | DigiCert

Using your own DigiCert Private PKI Certificates in your Venafi Cloud for DevOps environment

DigiCert has integrated with Venafi Cloud to improve how DevOps testing environments incorporate digital certificates into their process by providing convenient and seamless access to free Private PKI certificates for their private testing and build environments only. DigiCert is offering Venafi Cloud customers free limited-use Private PKI certificates making it easier to:

  • protect their DevOps environments.
  • ensure that security can be part of their development cycle right from the start.
  • enforce their security policies.

If you plan to make Venafi Cloud a more permanent part of your DevOps environment, you may want to turn your Venafi Cloud instance into a dedicated trust environment by using your own Private PKI certificates for added security. Venafi has made it easy for their customers to issue their own DigiCert Private PKI certificate within their Cloud environments through our CertCentral® platform.

For more information, see our blog.

Issuing Your Own Private PKI Certificates in Your Venafi Cloud DevOps Environment

To begin issuing your own Private PKI certificates in your Venafi Cloud environment you need two things: private root with intermediate certificates and CertCentral account.

Private PKI Certificates

With the DigiCert Private PKI solution, we will create your own private root and secure it, while allowing you oversight of your intermediate, its properties, what types of certificates it can issue, and the names on those certificates.

Want to learn more about getting your own DigiCert Private PKI solution? Call 1.855.800.3444 or contact [email protected] for further information.

Linking Your Private PKI Solution to Your Venafi Cloud Account

Once you’ve secured your DigiCert Private PKI Certificate, follow the steps below to link Venafi Cloud account to your DigiCert CertCentral® account so that you can begin issuing your own SSL/TLS Private PKI Certificates.

  1. Create a CertCentral API key in your CertCentral Account. Create an API Key
  2. Add the CertCentral API key to your Venafi Cloud account. Add Your CertCentral API
1.    Create an API Key in Your DigiCert CertCentral Account

Inside your CertCentral account, you need to create an API key that will be used to link your Venafi Cloud account to your CertCentral account.

Managing Your API Key: How to Create Your Own CertCentral API Key

In your CertCentral account, you can issue an API Keys through your user Profile Settings.

  1. In your CertCentral account, in top right corner, in the “User Name” drop-down list, select My Profile.

    DigiCert-1.png
     
  2. On the Profile Settings page, click API Keys.

    DigiCert-2.png
     
  3. On the API Keys page, click +Add API Key.

    DigiCert-3.png
     
  4. Next, open a text editor (such as Notepad).
     
  5. In the Add API Key window, do the following:

    Description: In the box, type a description/name for the API key.

    User: In the drop-down list, select yourself.

    Note: Because the User role can't issue API keys for other users, the drop-down list doesn't appear in their UI.

    DigiCert-4.png
     
  6. When you are done, click Add API Key.
     
  7. In the New API Key window, above “For security reasons, we cannot show this again.” copy your API key and paste it in to your text editor.

    You will eventually need to enter your API key (this string of random numbers and letters) into the appropriate field in your Venafi Cloud account.

    CAUTION: Do not close the New API Key window until you have saved a copy of the API key. If you close the window without recording your new API key, you will not be able to retrieve it. You will need to revoke the API key that you just created and create a new one.

    DigiCert-5.png
     
  8. Save your text editor document, making sure to note its location.

    API Key Storage Recommendations:

    Because your API Key effectively the same thing as a username and password, we recommend storing your API key in a secure secret management system (e.g., Last Pass or KeePass).
     
  9. In the New API Key window, once you have saved a copy of your API key, click I understand I will not see this again.
2. Add the CertCentral API Key to Your Venafi Cloud Account
  1. In your Venafi Cloud account, on the Health Maps dashboard, in the top menu, click Admin > Certificate Providers.

    DigiCert-6.png
     
  2. On the Certificate Providers page, click +.

    DigiCert-7.png
     
  3. In the Add a Certificate Provider window, to the following tasks and then click Add Provider:

    Name: Enter a name for the SSL Certificate that can be ordered.

    Certificate Authority: In the drop-down list, select DIGICERT.

    API Key: Enter your CertCentral API key.

    DigiCert-8.png
     
  4. On the Certificate Provider page, you should now see DigiCert as your certificate provider.

    DigiCert-9.png

 

 

 

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

About the author

get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat