Certificate owners
Certificate owners are account-wide email contacts who can receive lifecycle event notifications about different types of certificates. You add the owner contacts in your DigiCert® Trust Lifecycle Manager account settings, and can then assign them to certificates in various ways.
Once assigned, certificate owners always receive email notifications about the following lifecycle events for applicable certificates:
Enrollment confirmation
Certificate renewal
Certificate status change (revoked, suspended, or resumed)
Key recovery
Before you begin
To view or manage certificate owners, you need the Certificate owners manager or Manager role for Trust Lifecycle Manager, or a custom role with one of the following permissions.
Permission | Capabilities |
---|---|
|
|
|
|
Add certificate owners
To add one or more certificate owners to your Trust Lifecycle Manager account:
From the main menu, select Account > Settings > Contacts > Certificate owners.
Select the Add owners button on the right.
Enter the contact information for the first certificate owner:
Name: First and last name for this owner.
Email: The email address to send notifications to.
Identifiers: (Optional) To help identify and track this owner, select Add identifier to configure up to 3 custom key/value pairs for them.
(Optional) To enter additional certificate owners, select Add another certificate owner.
Select the Add button to save the new certificate owner(s).
Edit or delete a certificate owner
Select Account > Settings > Contacts > Certificate owners to list all the current certificate owners in your Trust Lifecycle Manager account.
To edit an owner:
Select the edit (pencil) icon next to the owner.
Update the contact information or identifiers for the owner.
Select Save to save your changes.
To delete an owner:
Select the actions (three dots) menu next to the owner.
Select Delete.
To confirm the delete operation, select the Delete certificate owner button.
Assign owners to certificates
To enable email notifications for certificate owners, assign them to the applicable certificates using one of the following methods.
Assign owners at the profile level to include them in all certificates issued or renewed from that profile. At the profile level, you can also configure options for whether to allow creation or assignment of additional owners in web-based enrollment requests.
You can assign owners to certificate profiles associated with the following seat types in Trust Lifecycle Manager.
Seat type | Exceptions |
---|---|
Not available for profiles created from the | |
Not available for profiles created from any of the | |
— |
For supported base templates, select the certificate owners and related options in the Additional options > Certificate owners section of the profile configuration wizard:
Certificate owners: Use the dropdown to assign one or more owners to all certificates issued from this profile.
For profiles that use web-based enrollment methods (Browser PKCS12, CSR, or DigiCert Trust Assistant), you can allow assignment of additional owners as part of the enrollment request:
Allow assigning more owners: Select this option to allow users to assign additional owners when enrolling a new certificate from this profile. If enabled, the enrollment form includes a dropdown where the requester can select additional certificate owners from your account settings.
Allow creating/assigning custom owners: Select this option to allow users to create new contacts and assign them as owners when enrolling a new certificate from this profile. If enabled, the enrollment form includes an option for the requester to create a new owner and assign it to the certificate. The newly created owner also gets added to your account settings for future use and management.
For web-based enrollment flows, the certificate requester can assign owners when enrolling a certificate from a profile that includes one or both of the following options:
Allow assigning more owners: The requester can select additional owners from the Certificate owners dropdown. The owners must already be present in your account settings.
Allow creating/assigning custom owners: The requester can create and assign additional owners by selecting the Add custom owners link. New owners get added to your account settings for future use and management.
To allow users to manage certificate owners from the self-service portal, enable the Manage certificate owners action in the authenticated portal settings. You can enable this as an allowed action for:
Discovery/Imported certificates: Allow portal users to manage owners for discovered certificates (associated with Discovery seats).
Portal-enabled certificate profiles: Allow portal users to manage owners for certificates issued from specific profiles.
Assuming the portal user is properly authenticated and has access to the certificate in question, they can edit the list of certificate owners by selecting Update certificate owners from the actions (three dots) menu for that certificate.
The REST API for Trust Lifecycle Manager includes a Certificate owners controller with endpoints to view and manage certificate owners. You can assign owners by ID in the initial certificate request or to an existing certificate. Key endpoints include:
API endpoint | Description |
---|---|
| List existing certificate owners. The response includes the IDs needed to assign owners via API. |
| Assign one or more owners to the existing certificate with the given ID. Provide the IDs of the owners to assign in the JSON request body. The certificate must be associated with a supported seat type (Certificate management, Discovery, Organization, or Server). |
| Issue a certificate via API. Use the |
Note
For more details about these endpoints and related ones, refer to the API reference for Trust Lifecycle Manager.
Note
To check the currently assigned owners for a certificate in your Inventory, open the certificate details page and look in the Additional details tab.
Remove owner assignments
To disable email notifications for certificate owners, remove the owner assignments from the applicable certificates.
To remove owners from a profile, edit the profile and remove the owners in the Additional options > Certificate owners section of the profile configuration wizard.
The removed owners will no longer get assigned to any new certificates issued from that profile.
If the Manage certificate owners action is enabled in the portal settings, authenticated portal users can select Update certificate owners to remove assigned owners from certificates they have access to.
You can remove owners from a certificate by ID using the following API endpoint for Trust Lifecycle Manager.
API endpoint | Description |
---|---|
| Delete one or more owners from the certificate with the given ID. Provide the IDs of the owners to remove in the JSON request body. |
To disable all email notifications for a particular owner, delete them from Account > Settings > Contacts > Certificate owners.
Caution
Deleting an owner removes them from all associated certificates and certificate profiles. The owner no longer receives notifications for those certificates and cannot be assigned to new certificates.
What's next
Assigned certificate owners always receive email notifications about the following lifecycle events for applicable certificates:
Enrollment confirmation
Certificate renewal
Certificate status change (revoked, suspended, or resumed)
Key recovery