In the DigiCert Account Settings section, you can configure the following options:

  • Directory URL: Set the directory URL for the Certificate Authority (CA) environment.

  • Key ID: Set an account Key ID used for identification on the DigiCert account.

  • HMAC Key: Set the Hash-Based Message Authentication Code (HMAC) key used to authenticate to the DigiCert account.

After setting each of the options, click Save Account Settings.

Once you have successfully saved your account settings, the Manage DigiCert Certificates screen appears.

Renew Period

The Renew Period value specifies how many days in advance of certificate expiry you would like the certificate to be renewed. The Renew Period is an account-wide setting. Per-certificate renewal periods are not supported at this time.

Delete ACME Configuration Parameters

Delete the ACME configuration parameters (which allows you to configure either the Let's Encrypt or DigiCert configuration from the start).

Note: You can only delete the configuration if there are no ACME certificates.

Request New Certificate

Click Request New Certificate to request a new certificate from the DigiCert CA.

All fields on the Request a New Certificate screen are optional except for Certificate Identifier and Common Name (and you must select a Virtual Service next to the Common Name field).

Certificate Identifier: Enter a unique identifier. The Certificate Identifier value must be unique for all certificates on the LoadMaster.

Common Name: Enter the FQDN of your web server. This is case sensitive. Certificates are only issued to valid hosting domains that you have control over. Select the Virtual Service that is used for this domain. This will be used for the validation challenge to prove ownership of the domain.

Note: A HTTP/HTTPS Layer 7 Virtual Service must be already configured with the ability to add a SubVS (so it should not have any Real Servers added to the parent Virtual Service - but if there are existing SubVSs they can have Real Servers attached). For instructions on how to convert an existing Virtual Service with Real Servers attached to one with SubVSs with Real Servers attached, refer to the DigiCert Feature Description.
Note: A HTTP Redirect Virtual Service must be configured to redirect all port 80 requests to 443 because DigiCert communicates on port 80 to perform the HTTP-01 challenge.
Note: All valid Virtual Services that meet the criteria are listed in the drop-down list.

2 Letter Country Code: Optionally enter the two-letter country code. For a list of valid country codes, refer to the following page: SSL Certificate Country Codes. If using DigiCert, the 2 Letter Country Code to Email Address fields are truncated.

State/Province: Optionally enter the state or province to include in the certificate. Enter the full name, for example New York (not NY).

City: Optionally enter the city to include in the certificate.

Company: Optionally enter the name of the company to include in the certificate.

Organization: Optionally enter the department or organizational unit that should be contacted regarding this certificate.

Email Address: Optionally enter the email address of the person or organization that should be contacted regarding this certificate.

Generate Elliptic Curve Request: Optionally enable or disable this option. If this is enabled, an Elliptic Curve request is generated instead of an RSA request.

Key Size: Select the algorithm size from the drop-down list. If you are generating an Elliptic Curve (EC) request, the Key Size drop-down is grayed out. The default size of 256 Bits is used for EC requests. If you are generating an RSA request, you can specify the Key Size.

SAN/UCC Names: Enter the Subject Alternate Name (SAN). This must be a valid domain. You can specify up to 10 SANs.

For every SAN you must select a HTTP/HTTPS Layer 7 Virtual Service (you can use the same Virtual Service). For each SAN you must prove your authority to the DigiCert server. A HTTP/HTTPS Virtual Service must be already configured with the ability to add a SubVS (so it should not have any Real Servers added to the parent Virtual Service - but if there are existing SubVSs they can have Real Servers attached). For instructions on how to convert an existing Virtual Service with Real Servers attached to one with SubVSs with Real Servers attached, refer to the DigiCert Feature Description.

Request Certificate: When you are finished setting the relevant fields, click Request Certificate to create a new certificate request using the specified data.

A list of issued certificates and related details are displayed at the bottom of the Manage DigiCert Certificates screen. The HTTP Challenge VS(s) column lists the Virtual Service (or Services) that were used for the HTTP challenge. These are not the Virtual Services that the certificates are assigned to.

Once the certificate is issued successfully, it will be listed in Certificates & Security > SSL Certificates. You can then assign it to any HTTPS Virtual Service or use it as an administrative certificate.

Note: When manually assigning a new certificate to a Virtual Service for the first time, the Virtual Service will restart so we recommend doing this outside of working hours.

When DigiCert certificates are renewed, the Virtual Services that have the certificate assigned will be automatically updated with the renewed certificate.

Note: Automatic renewal and updating of certificates is seamless and does not affect Virtual Service traffic.

Certificates are automatically renewed at the number of days specified in the Renew Period before the expiry date of each certificate. You can manually renew the certificate by clicking Renew Certificate.

You can also delete a certificate associated with the domain by clicking Delete Certificate.

Note: If the certificate is used (for example if it is assigned in a Virtual Service or used as an administrative certificate) the Delete Certificate button is grayed out.

You cannot delete or replace DigiCert certificates from the SSL Certificates screen. You can only delete or replace DigiCert certificates from the Manage DigiCert Certificates screen (Certificates & Security > ACME Certificates). The Replace Certificate and Delete Certificate buttons are grayed out on the SSL Certificates screen for DigiCert certificates.