DigiCert CertCentral (Public TLS/SSL Management, VMC/CMC, Code & Document Signing)

CertCentral is DigiCert’s web platform for managing public TLS/SSL and related digital certificates. We help enterprises standardise issuance, automate renewals, and reduce outages—while integrating CertCentral with DevOps, load balancers, and compliance workflows. For broader enterprise PKI beyond public TLS, we also design on DigiCert ONE and private PKI stacks.

Why SafeCipher for CertCentral (Outcomes)

  • Fewer outages via discovery, expiry alerts, and maintenance‑window renewals
  • Faster issuance with policy templates, approval workflows, and ACME
  • Compliance‑ready evidence (PCI, ISO 27001), naming/SAN standards, audit trails
  • DevOps friendly: APIs, ACME, Terraform/Ansible patterns, CI/CD hooks

What You Can Manage in CertCentral (Product Catalogue)

Secure Site TLS/SSL Certificates

  • Secure Site Pro: advanced website security, PQC‑ready options, malware scanning and monitoring
  • Secure Site: priority validation, enhanced tools, strong TLS defaults
  • Basic: essential HTTPS for straightforward sites and services

Specialised TLS/SSL Certificates

  • Wildcard: one cert for a domain and unlimited subdomains
  • Multi‑Domain (SAN/UC): secure multiple domains and subdomains; add/remove SANs as you grow

Other Digital Certificates

  • Code Signing (Standard & EV): integrity & publisher identity for software; EV for higher trust
  • Document Signing: trusted identities for documents; Adobe‑recognised
  • S/MIME (Email Signing & Encryption): protect email against phishing/tamper

Mark Certificates (Email Brand Indicators)

  • Verified Mark Certificate (VMC): display your registered logo in supported email clients
  • Common Mark Certificate (CMC): verifiable trust mark for broader use cases

Specialised Solutions & Options

  • Quantum‑Safe / PQC‑ready: especially with Secure Site Pro and selected solutions
  • Regulated Markets: eIDAS document signing, PSD2 compliance for payments
  • Managed PKI: cloud‑based PKI service for enterprises that prefer outsourcing
  • Partner Brands: GeoTrust, Thawte, RapidSSL—delivered on DigiCert infrastructure

Architecture & Integrations (How We Implement It)

  • Edges & LB: F5, Nginx, HAProxy, Citrix ADC, IIS/Apache—automated install/renew
  • Cloud: AWS (CloudFront/ALB/API GW), Azure (Front Door/App Service), GCP (LB/CDN)
  • DevOps: ACME for web/app estates, API for workflows, GitHub/GitLab/Azure DevOps pipelines
  • Monitoring: expiry SLOs, canary renewals, OCSP stapling and HSTS guidance

Governance & Policy (Making It Auditable)

  • Naming/SAN policy, EKUs, key sizes, validity windows, approval flows
  • Evidence packs for change boards, PCI DSS scope notes, ISO 27001 audits
  • Inventory mapping: tags, owners, environments, CMDB integration

Use Cases We Deliver (End‑to‑End)

  • Public web & APIs: zero‑downtime renewals, blue/green, canary checks
  • Multi‑domain/Wildcard consolidation: reduce sprawl, simplify ownership
  • Email brand trust: roll out VMC/CMC with DMARC alignment
  • Code & document signing: secure build/sign pipelines; EV code signing where required

CertCentral vs DigiCert ONE (When to Use Which)

  • Use CertCentral for public TLS/SSL and adjacent certs (VMC/CMC, S/MIME, code/document signing)
  • Use DigiCert ONE for enterprise digital trust beyond public TLS: private PKI, device/IoT at scale, advanced CLM and integrations

Our Shortcodes (for Clear Requests)

  • DC‑CC → DigiCert CertCentral (public TLS/SSL)
  • DC‑TLS‑PRO → Secure Site Pro
  • DC‑TLS‑SITE → Secure Site
  • DC‑TLS‑BASIC → TLS Basic
  • DC‑TLS‑WILD → Wildcard
  • DC‑TLS‑SAN → Multi‑Domain/SAN
  • DC‑CS‑EV → EV Code Signing
  • DC‑DOC‑SIG → Document Signing
  • DC‑SMIME → S/MIME
  • DC‑VMC → Verified Mark Certificate
  • DC‑CMC → Common Mark Certificate

Example: DC‑CC/DC‑TLS‑PRO/Prod‑Edge/BlueGreen‑Renewal

Deliverables (What You Get)

  • Solution design: policy templates, validation model, ACME plan
  • Build: account config, domain/control validation, API/ACME integration
  • Operations: renewal runbooks, change windows, DR for cert stores, SIEM alerts
  • Evidence: audit logs, naming/SAN policy, PCI/ISO scope notes

FAQ: DigiCert CertCentral — Common Questions

Is CertCentral only for public TLS? Mostly—yes. For broader private PKI and device identity, we move you to DigiCert ONE.

Can you automate renewals? Yes—ACME/API plus scripted installs on LB, gateways, and app platforms.

Do you support PQC? Secure Site Pro brings PQC‑ready options; we’ll define a crypto‑agility plan for you.

How do we roll out VMC/CMC? We align DMARC, verify trademarks (for VMC), then deploy at

scale with project runbooks.