DigiCert PKI Platform (formerly Symantec Managed PKI) provides a cloud-based enterprise solution for issuing and managing digital certificates to provide authentication and encryption.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
Parameters
- Domain (required, default: https://pki-ws.symauth.com/pki-ws) - The DigiCert PKI Platform Web Services endpoint. Use the default value.
- RA Certificate File (required) - CER file generated by DigiCert PKI Platform. See the section below for details.
- Private Key File (required) - A non-encrypted (passphrase-free) private key file.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
APIs
Axonius uses the PKI Web Services, which is a Web Service hosted at DigiCert that provides the capability to integrate with DigiCert PKI Platform.
Generating RA Certificate and Private Key Files
Prerequisite: OpenSSL utility.
- Run the following OpenSSL command to generate a private key and a certificate signing request (use axonius.key for the "Private Key File" field):
  openssl req -new -newkey rsa:2048 -nodes -out axonius.csr -keyout axonius.key -subj "/CN=DigiCert MPKI Axonius Client"
- Generate an RA Certificate as follows:
  - In DigiCert PKI Platform Manager, select Get RA certificate from the Tasks icon at the bottom of the screen.
  - Paste the contents of the axonius.csr file into the request field. Click Submit.
  - When you are prompted, download the resulting cert.p7b certificate file.
  - Convert the resulting cert.p7b file into a .cer file using DigiCert instructions:
    openssl pkcs7 -print_certs -in cert.p7b -out cert.cer
  - Use the resulting cert.cer file for the “RA Certificate File” field.
Once the adapter is configured successfully, it is recommended to delete the private key file to prevent potential compromise.
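Before uploading the two files, it is worth confirming that the key is unencrypted, that it is not readable by other local users, and that cert.cer was issued for it. The script below is an added example, not Axonius or DigiCert code; the function names are hypothetical, and the throwaway key and self-signed certificate it generates are constructed stand-ins for axonius.key and the RA certificate.

```shell
#!/bin/sh
# Added example: pre-upload checks for the adapter's key and RA certificate.
# Function names are hypothetical; file names follow the page.

# True when the PEM key has no encryption header and parses with an empty passphrase.
key_is_unencrypted() {
    ! grep -q 'ENCRYPTED' "$1" 2>/dev/null &&
        openssl pkey -in "$1" -noout -passin pass: 2>/dev/null
}

# True when group and others have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# True when the certificate carries the public key of the private key.
# Assumption: the certificate of interest is the first one in the file,
# because openssl x509 reads only the first PEM certificate it finds.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# usage: check_ra_material cert.cer axonius.key
check_ra_material() {
    key_is_unencrypted "$2" || { echo "key is encrypted or unreadable" >&2; return 1; }
    key_is_private "$2" || { echo "key is readable by group or others" >&2; return 2; }
    cert_matches_key "$1" "$2" || { echo "certificate does not match key" >&2; return 3; }
}

# Constructed sample: throwaway key plus a self-signed certificate standing in
# for the RA certificate. umask 077 keeps both files private to the owner.
make_sample() {
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=constructed sample" \
          -keyout "$1/axonius.key" -out "$1/cert.cer" 2>/dev/null )
}

demo() {
    dir=$(mktemp -d) && make_sample "$dir" &&
        check_ra_material "$dir/cert.cer" "$dir/axonius.key" &&
        echo "ok: key and certificate are consistent"
    rc=$?; rm -rf "$dir"; return $rc
}
demo
```

For real use, run `check_ra_material cert.cer axonius.key` in the directory that holds the files generated above.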