Using the sample DigiCert PKI Platform PowerShell script

When you install Trust Protection Platform, a PowerShell reference sample for use with the DigiCert PKI Platform is included in the \Venafi\Scripts\AdaptableCA\Samples folder. You can use the reference sample to better understand how to configure your own scripts.

The reference sample is a fully functional implementation that lets you use the Adaptable CA driver with the DigiCert PKI Platform. You do not need to know anything about the PowerShell functions to begin using the reference sample. However, you do need to set up your Symantec account correctly and modify a few variables in the script.

DID YOU KNOW?  Venafi supports integration with the following Symantec CA offerings:

To use the DigiCert PKI Platform PowerShell script

  1. In your DigiCert PKI Platform account, create a certificate profile using Symantec's Generic Server template, and then do the following:

    1. Change the enrollment method to PKI Web Services.
    2. Add as many instances of the Organization Unit field as you plan to support in your environment.
    3. Add fields for Organization, Locality, State, and Country so that the issued certificates will have a complete Subject DN.
    4. Set the source of all fields to Webservice Request.
  2. Depending on the certificate type that you want to issue, copy the appropriate script from the \Venafi\Scripts\AdaptableCA\Samples directory to the \Venafi\Scripts\AdaptableCA directory:

    • TLS/SSL certificates — Symantec Managed PKI Service.ps1
    • User (Email Security) certificates — Symantec Managed PKI Service Email.ps1

    IMPORTANT  You must also copy the PowerShell script to all Trust Protection Platform servers that are utilized in enrollment, or that are serving up an administration console (e.g. Policy Tree or Aperture).

  3. Edit the copied script by doing the following:

    1. Verify that the correct DigiCert PKI Platform URL is assigned to the $global:base_url variable.
    2. Set the value of the $global:cert_profile_id variable to the Certificate Profile OID of the certificate profile you created in the first step.
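
A read-only consistency check for steps 2 and 3, as an added example that is not part of the Venafi sample scripts: it hashes the copied script on each Trust Protection Platform server and reports the values assigned to the two variables. The server names, the administrative-share path, and the assumption that each variable is assigned on a line of its own are illustrative and must be adjusted to your environment.

```powershell
# Added example: read-only check, changes nothing on the servers.
$Servers    = 'tpp01.example.test', 'tpp02.example.test'  # hypothetical server names
$ShareRoot  = 'C$\Program Files'   # assumption: share and folder that contain \Venafi
$ScriptName = 'Symantec Managed PKI Service.ps1'

function Get-AdaptableScriptState {
    param([Parameter(Mandatory)][string]$Path)
    $state = [ordered]@{ Path = $Path; Present = $false; Sha256 = $null
                         BaseUrl = $null; ProfileId = $null }
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $state.Present = $true
        $state.Sha256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Assumption: each variable is assigned on a line of its own.
        foreach ($pair in @{ BaseUrl = 'base_url'; ProfileId = 'cert_profile_id' }.GetEnumerator()) {
            $pattern = '^\s*\$global:' + $pair.Value + '\s*=\s*(.+)$'
            $hit = Select-String -LiteralPath $Path -Pattern $pattern | Select-Object -First 1
            if ($hit) { $state[$pair.Key] = $hit.Matches[0].Groups[1].Value.Trim() }
        }
    }
    [pscustomobject]$state
}

# Collect the state of the script copy on every server.
$states = foreach ($server in $Servers) {
    $path = '\\{0}\{1}\Venafi\Scripts\AdaptableCA\{2}' -f $server, $ShareRoot, $ScriptName
    Get-AdaptableScriptState -Path $path
}
$states | Format-Table Present, Sha256, BaseUrl, ProfileId, Path -AutoSize

# Flag missing copies, copies that differ, and copies with an unassigned variable.
$missing = @($states | Where-Object { -not $_.Present })
$hashes  = @($states | Where-Object { $_.Present } | Select-Object -ExpandProperty Sha256 -Unique)
if ($missing.Count -gt 0) { Write-Warning "Script missing on $($missing.Count) server(s)." }
if ($hashes.Count -gt 1)  { Write-Warning 'Copies of the script differ between servers.' }
$states | Where-Object { $_.Present -and -not ($_.BaseUrl -and $_.ProfileId) } |
    ForEach-Object { Write-Warning "base_url or cert_profile_id not assigned in $($_.Path)" }
```

A differing SHA-256 value means at least one server is running a copy that was edited separately, so its URL or Certificate Profile OID may not match the others.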
