Connecting Azure Key Vault with CA DigiCert
This guide describes how to quickly and easily connect Azure Key Vault with CA DigiCert using the predefined integration available directly in the Azure Portal. With this integration, you can fully automate issuing, managing, and renewing certificates without manual intervention in certificate requests or installations. Through its direct connection to the DigiCert API, Azure Key Vault allows smooth and secure management of certificates in the cloud environment with minimal administrative burden.
What is Azure Key Vault?
Azure Key Vault is a cloud service from Microsoft designed for securely storing and managing sensitive information, such as cryptographic keys, secrets, or certificates. It enables centralized access control, encryption, and automated management of the certificate lifecycle, significantly enhancing security and reducing the risk of data leaks or administrative errors.
Requirements
For connecting Azure Key Vault to CA DigiCert, you need the following:
- Azure subscription
- Azure Key Vault created in your subscription
- DigiCert API key
- Organization ID at DigiCert
To obtain the necessary data from DigiCert, such as the API key and Organization ID, please contact SSLmarket support.
We will prepare and set up these details for you, including completing the necessary organization pre-verification, which is a condition for seamless certificate issuance. We recommend that you do not contact DigiCert directly unless you have a contract with them; it is not necessary.
Setting up CA DigiCert in Azure Key Vault
Obtain the API key and find out the Organization ID
- Obtain the API key of CA DigiCert through us.
- Have us create an organization, verify it, and send its Organization ID to you.
Adding DigiCert as CA in the Azure Portal
- Open Azure Portal and go to your Key Vault.
- In the left menu, select Certificates → Certificate Authorities.
- Click on + Add.
- In the Issuer name field, enter a name, e.g. digicert.
- In the Certificate Authority section, select DigiCert from the list.
- Fill in the fields:
  - API Key – DigiCert API key
  - Organization ID – identifier of your organization with CA DigiCert
- Confirm the creation by clicking Create.

Creating a certificate in the Key Vault
- In Key Vault, choose Certificates.
- Click on + Generate/Import.
- Select the Generate option and enter the certificate name.
- In the Certificate Type section, select Integration with CA.
- Choose DigiCert as the CA issuer.
- Set additional parameters (Common Name, validity, key size, etc.).
- Complete the creation.
Azure will now automatically request DigiCert to issue a certificate and will manage it within the Key Vault – including renewal and rotation. The entire certificate lifecycle is automated.
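The two portal procedures above can also be scripted with the Azure CLI. The following is an added example, not part of the original guide or of Microsoft's article; the vault name `my-vault`, the certificate name and subject, the environment variable names, and the optional Account ID (which the guide does not mention) are assumptions.

```shell
#!/bin/sh
# Added example: CLI equivalent of the portal steps (names are placeholders).
set -eu

# Print a certificate policy bound to a registered issuer.
# Args: issuer name, subject, RSA key size, validity (months), renew N days before expiry
make_policy() {
  case "$3" in
    2048|3072|4096) ;;
    *) echo "unsupported RSA key size: $3" >&2; return 1 ;;
  esac
  cat <<EOF
{
  "issuerParameters": { "name": "$1" },
  "keyProperties": { "keyType": "RSA", "keySize": $3, "exportable": true, "reuseKey": false },
  "secretProperties": { "contentType": "application/x-pkcs12" },
  "x509CertificateProperties": { "subject": "$2", "validityInMonths": $4 },
  "lifetimeActions": [
    { "trigger": { "daysBeforeExpiry": $5 }, "action": { "actionType": "AutoRenew" } }
  ]
}
EOF
}

# Register DigiCert as an issuer. Credentials come from the environment so
# they do not end up in the script or in shell history.
register_issuer() {  # args: vault name, issuer name
  az keyvault certificate issuer create \
    --vault-name "$1" --issuer-name "$2" --provider-name DigiCert \
    --organization-id "$DIGICERT_ORG_ID" --password "$DIGICERT_API_KEY" \
    ${DIGICERT_ACCOUNT_ID:+--account-id "$DIGICERT_ACCOUNT_ID"}
}

# Ask Key Vault to request the certificate from the issuer named in the policy.
request_certificate() {  # args: vault name, certificate name, policy file
  az keyvault certificate create --vault-name "$1" --name "$2" --policy "@$3"
}

# Run with "apply" to execute against Azure; requires a logged-in az CLI.
if [ "${1:-}" = "apply" ]; then
  : "${DIGICERT_ORG_ID:?set DIGICERT_ORG_ID}" "${DIGICERT_API_KEY:?set DIGICERT_API_KEY}"
  policy=$(mktemp)
  make_policy digicert "CN=www.example.com" 2048 12 30 > "$policy"
  register_issuer my-vault digicert
  request_certificate my-vault www-example-com "$policy"
  rm -f "$policy"
fi
```

Setting `"exportable"` to `false` keeps the private key inside the vault, at the cost that services which retrieve the certificate as a PFX cannot use it.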
Billing of certificates
All certificates issued to your DigiCert account will be charged to your SSLmarket customer account and invoiced. You therefore pay for them retroactively, after they are issued, rather than before obtaining them, as is otherwise common.
Source: Article Integrating Key Vault with Integrated Certificate Authorities, available at learn.microsoft.com