DigiCert PKI Platform (Symantec Managed PKI)
- 08 Mar 2022
- 1 Minute to read
- Print
- DarkLight
- PDF
DigiCert PKI Platform (Symantec Managed PKI)
- Updated on 08 Mar 2022
- 1 Minute to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
DigiCert PKI Platform (formerly Symantec Managed PKI) provides a cloud-based enterprise solution for issuing and managing digital certificates to provide authentication and encryption.
Parameters
- Domain (required, default: https://pki-ws.symauth.com/pki-ws) - The Digicert PKI Platform Web Services endpoint. Use the default value.
- RA Certificate File (required) - CER file generated by Digicert PKI Platform. See the section below for details.
- Private Key File (required) - A non-encrypted (passphrase free) private key file.
- HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to Domain.
- If supplied, Axonius will utilize the proxy when connecting to the host defined for this connection.
- If not supplied, Axonius will connect directly to the host defined for this connection.
NOTE
For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.
APIs
Axonius uses the PKI Web Services, which is a Web Service hosted at DigiCert that provides the capability to integrate with DigiCert PKI Platform.
Generating RA Certificate and Private Key Files
Prerequisite: OpenSSL utility.
- Run the following OpenSSL command line to generate a key file (use axonius.key for "Private Key File" field):
openssl req -new -newkey rsa:2048 -nodes -out axonius.csr -keyout axonius.key -subj "DigiCert MPKI Axonius Client"
Generate an RA Certificate as follows:
- In Digicert PKI Platform Manager, select Get RA certificate from the Tasks icon at the bottom of the screen.
- Paste the contents of axonius.csr file in to the request field. Click Submit.
- When you are prompted, download the resulting cert.p7b certificate file.
- Convert the resulting cert.p7b file into a .cer file using Digicert instructions:
openssl pkcs7 -print_certs -in certi.p7b -out cert.cer
- Use the outputted cert.cer file for “RA Certificate File” field.
Once the adapter is configured successfully, it is recommended to delete the private key file to prevent potential compromise.