Under profiles.<profile>, add a properties section with the following DigiCert CA-specific settings.
cert-type
Enter the certificate types, also referred to as "DigiCert products", supported by the profile. List them as a comma-separated string of DigiCert identifiers.
["ssl_cloud_wildcard", "ssl_plus", "ssl_multi_domain"]See the available values at:
https://dev.digicert.com/en/certcentral-apis/services-api/glossary.html#product-identifiers
Mandatory: Yes.
dcv-method
The method to prove control over a domain when requesting an SSL/TLS certificate from a DigiCert CA. Supported values are the following.
Value | Description |
|---|---|
| CNAME DNS record validation |
| HTTP file validation |
| Dynamic HTTP file validation |
| TXT DNS record validation |
Mandatory: When the selected product requires a validation method.
verified-contact-email
The email address of the Verified Contact associated with the organization requesting an EV certificate.
Mandatory: Only for Extended Validation (EV) certificates.
signature-hash
The cryptographic algorithm for generating a hash of the signed data.
Supported values are:
- sha256
- sha384
- sha512
Mandatory: Yes.
order-validity-years
The number of years for which each certificate order remains active, allowing certificates to be issued, reissued, or renewed under the same order.
Mandatory: No. This optional value defaults to one year.
cert-validity-years
The number of years for which each certificate is valid and trusted after issuance, as determined by the issuance date and expiration date.
Mandatory: Only applies to multi-year plans. When this optional value is omitted, the CA sets the validity period according to the CAB Forum baseline requirements.