...

  • On the SSL Certificate tab, enable Self Enrollment, put a shared secret value in Access Code, and copy the URL shown below that field. You can now hand out this URL to people, who can use it together with the access code to reach the certificate enrollment page for non-admins. As you will see when you test it, the page contains approximately the same fields as the "Add Certificate" pages in the SCM itself. Be aware that the email address is not checked (beyond having the right domain), so you need an out-of-band method of authenticating the requestor.
  • If you have SAML attribute release working towards Sectigo (see "SAML Configuration" below), you can also enable "Self Enrollment via SAML", keep the Access Code secret and hand out the URL below the Token field to users. They will then have to authenticate using SAML before getting to the same kind of enrollment form as above. As the email address will now come from your IdP via SAML, you can be more confident that it is correct, but it is up to you to decide whether that is good enough or whether you will still require additional confirmation out-of-band before approving.
  • Do not enable "Automatically Approve Self Enrollment Requests". At least, you will want to manually approve certificate requests arriving via this route!
  • You might also want to customize the SSL Types for the Enrollment Form (on the right-hand side) to stop users from selecting certificate types you do not want them to select. You can still keep the ability to select them in the SCM (the left-hand Admin UI selection). 2020-08-18: This does not work like this after the certificate profile changes earlier this summer. We will update this later.

Revoking SSL Certificates

Certificates issued on 2021-06-07 and later: You should be able to revoke them in SCM under Certificates, using the Revoke button with the certificate selected.

Certificates issued before 2021-06-07: You cannot revoke them in SCM. If there is no security-related reason for revoking (for example, you just want to see in SCM that the certificate is no longer the current one), then you will have to live with not being able to do that. If there is a security-related reason for revoking (for example, you suspect the private key has been leaked), use the revocation portal linked below.

You can use the Sectigo Certificate Revocation Portal to revoke certificates outside of the SCM, using other methods to authenticate the request.

Client Certificates

Self-service portal via SAML

...