2.1 Setting up authentication

Communication with DigiCert ONE is through either a Client Authentication certificate or an API key. MyID supports either method; you must choose which method to use for your CA.

Each authentication route has a specific DigiCert-hosted endpoint.

For example, in DigiCert-hosted environments using an API Key:

• Production: one.digicert.com

• Demo: demo.one.digicert.com

In DigiCert-hosted environments using a Client Authentication certificate:

• Production: clientauth.one.digicert.com

• Demo: clientauth.demo.one.digicert.com

Use the relevant URI (complete with protocol and port, if appropriate) as the Service Point in the Certificate Authorities workflow in MyID; for example:

https://demo.one.digicert.com

Note: DigiCert typically produces the Client Authentication credential as a .p12/.pfx file; however you can also use a .cer file within MyID, where that reflects an imported PKCS#12 or usage of an HSM-backed credential created by DigiCert. You cannot use a .pkcs12 file.

If you create an API/client authentication credential based on an admin user, you may expose your system to unnecessary risk. Use an admin user only for pre-production systems. For production systems, you are recommended to create a service user instead, and grant it the necessary permissions to carry out certificate processing tasks. Contact DigiCert customer support if you require more information about the minimum necessary permissions.