DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

Create New Profile for Non-PKI Client Autoenrollment | PKI Platform

Solution ID : GN110619191908
Last Modified : 06/13/2024

Description

  1. Login to DigiCert PKI Platform
  2. Create a NEW certificate profile, based on the same BCT, bind it to the new DigiCert Public CA and configure it in the same way as the original one – you may choose to have two browser windows side-by-side showing the PKI Manager portal, to facilitate the task
  3. Test issuance of a certificate via the appropriate Enrollment method (OS/Browser, CSR, PKI Client, SCEP, iOS, PKI Web Services) and appropriate certificate lifecycle operations
  4. If end-to-end testing is successful, SUSPEND the OLD cert profile so that no more certs are issued from it:

  5. Click on the Suspend button:
  6. If configured, modify the Email notification setting for Revoked certificates to NOT send email notifications to Users – this is in case the Admin decides to also DELETE the profile and choose to automatically Revoke all certificates issued from it.

    Click on the OLD certificate profile -> under Customize certificate notifications, click Edit -> under Recipients, uncheck the Certificate user check box:
  7. [OPTIONAL] DELETE the OLD profile by clicking on the Delete profile link and check the “I want to delete this profile and revoke all certificates assigned to it”:
  8. Click on the Delete Profile button. If successful, you will be presented with a success message showing the Job ID for the bulk revocation asynchronous task, which will run in the background. Once completed, the account Administrator will be notified via email:

If you have issues performing these steps, please contact DigiCert PKI Support.