Concept
Infisical can connect to DigiCert using the ACME-compatible CA integration to issue certificates back to your end-entities. DigiCert CertCentral supports the ACME protocol and requires External Account Binding (EAB) for all ACME registrations. You will need to obtain the ACME Directory URL, a Key Identifier (KID), and an HMAC Key from your DigiCert CertCentral account before registering the ACME CA in Infisical.
Guide to Connecting Infisical to DigiCert
Retrieve ACME credentials from DigiCert CertCentral
Log in to your DigiCert CertCentral account and navigate to Automation > ACME Directory URLs in the left sidebar. Click Add ACME Directory URL at the top of the page.
In the modal that appears, configure the following options:
- Name: A friendly name for the credential set.
- Product: The certificate product to use.
- Division: The division to associate with issued certificates.
- Organization: Required for OV/EV certificates.
- Validity period: The certificate validity duration.
- ACME Directory URL: A unique URL generated for your ACME requests.
- Key Identifier (KID): Identifies your CertCentral account.
- HMAC Key: Used for authentication and encryption.
These credentials are only displayed once. Make sure to copy and save them in a secure location before dismissing the modal. If you lose your credentials, you will need to revoke them and generate new ones.
Create an External CA in Infisical
Follow the steps in the ACME-compatible CA integration guide to create an External CA in Infisical with the ACME CA type. When filling out the form, use the values from DigiCert:
- Directory URL: Paste the ACME Directory URL from DigiCert.
- EAB Key Identifier (KID): Paste the Key Identifier from DigiCert.
- EAB HMAC Key: Paste the HMAC Key from DigiCert.
Issue certificates
Once the External CA is created, follow the rest of the ACME-compatible CA integration guide to create a Certificate Profile and start issuing certificates through DigiCert.