Skip to content
vScope Support Page

DigiCert

Connect DigiCert to vScope to inventory the SSL/TLS certificates managed in your DigiCert account.

With DigiCert connected, you can:

  • Track certificate expiry dates so you can act before certificates expire and cause outages.
  • See who issued each certificate, what it covers, and its current status.
  • Bring DigiCert tags into vScope to group, filter, and report on your certificates.
  • Inventory your certificates alongside the rest of your environment in vScope.

Prerequisites

Section titled “Prerequisites”
  • A DigiCert account with access to the MPKI API (the mpki/api/v1 endpoints).
  • An API key (token) for that account.
  • The base URL of your DigiCert ONE / MPKI environment.
  • Network access from the vScope server or Discovery Proxy to the DigiCert API over HTTPS (port 443).

Create an API key in DigiCert

Section titled “Create an API key in DigiCert”
  1. Sign in to your DigiCert account.
  2. Generate an API key (token) with permission to read the certificate inventory.
  3. Note the header name DigiCert expects the key to be sent in, and copy the key value.

Add the DigiCert credential in vScope

Section titled “Add the DigiCert credential in vScope”

  1. In vScope, go to Discovery > Credentials.

  2. Click Create credential and choose DigiCert.

  3. Enter the Base URL of your DigiCert ONE / MPKI environment. For most accounts this is:

    https://one.digicert.com

    If your organization uses a dedicated or on-premises DigiCert ONE instance, use that host instead.

  4. In Authorization Header Name, enter the header DigiCert expects your API key in. For DigiCert ONE this is usually x-api-key.

  5. In Authorization Header Value, paste the API key value.

  6. Optional: add Custom request headers if your environment requires them.

  7. Optional: assign a Proxy if vScope should connect to DigiCert through a Discovery Proxy.

  8. Click Test Credential.

  9. Save the credential and run discovery.

During the next discovery, vScope reads your certificate inventory and creates a certificate asset for each certificate.

Troubleshooting

Section titled “Troubleshooting”

Authentication fails

Section titled “Authentication fails”

Confirm that the Base URL is correct and that the Authorization Header Value contains a valid, current API key. If DigiCert expects the key in a specific header, make sure the Authorization Header Name matches it.

No or partial certificate inventory

Section titled “No or partial certificate inventory”

If the credential test succeeds but the inventory is incomplete:

  1. Confirm the API key has permission to read the certificate inventory.
  2. Confirm the vScope server or Discovery Proxy can reach the DigiCert API host on HTTPS (port 443).
  3. Run a new discovery after changing permissions or the key in DigiCert.

See also

Section titled “See also”