DigiCert PKI Platform (Symantec Managed PKI)

DigiCert PKI Platform (formerly Symantec Managed PKI) provides a cloud-based enterprise solution for issuing and managing digital certificates to provide authentication and encryption.

Parameters

1. Domain (required, default: https://pki-ws.symauth.com/pki-ws) - The Digicert PKI Platform Web Services endpoint. Use the default value.
2. RA Certificate File (required) - CER file generated by Digicert PKI Platform. See the section below for details.
3. Private Key File (required) - A non-encrypted (passphrase free) private key file.
4. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to Domain.
   • If supplied, Axonius will utilize the proxy when connecting to the host defined for this connection.
   • If not supplied, Axonius will connect directly to the host defined for this connection.
     
     

APIs

Generating RA Certificate and Private Key Files

Prerequisite: OpenSSL utility.

1. Run the following OpenSSL command line to generate a key file (use axonius.key for "Private Key File" field):

openssl req -new -newkey rsa:2048 -nodes -out axonius.csr -keyout axonius.key -subj "DigiCert MPKI Axonius Client"

2. Generate an RA Certificate as follows:

   1. In Digicert PKI Platform Manager, select Get RA certificate from the Tasks icon at the bottom of the screen.
   2. Paste the contents of axonius.csr file in to the request field. Click Submit.
   3. When you are prompted, download the resulting cert.p7b certificate file.
   4. Convert the resulting cert.p7b file into a .cer file using Digicert instructions:

   openssl pkcs7 -print_certs -in certi.p7b -out cert.cer
   

   5. Use the outputted cert.cer file for “RA Certificate File” field.

3. Once the adapter is configured successfully, it is recommended to delete the private key file to prevent potential compromise.