To Create a Certificate Manager - Self-Hosted Built-in Account

1. Sign in to Next-Gen Trust Security.
2. Click System Settings > Built-in Accounts.
3. Click New.
4. Choose the desired use case from the Use case list, and click Continue. The use cases available for you to choose depend on which Next-Gen Trust Security components you have licenses for.
5. Enter a Name for your new built-in account.
6. Select the desired Scope, and click Continue. Learn more
7. If you have not done so already, use the terminal on your computer to generate the public/private keypair that your service will employ using ECDSA P-521 by issuing the following commands:

   # Generate a private key
   openssl ecparam -name secp521r1 -genkey -noout -out venafi-service-account-private.pem
   
   # Generate the public key for it
   openssl ec -in venafi-service-account-private.pem -pubout -out venafi-service-account-public.pem
   
   # Print the public key
   cat venafi-service-account-public.pem

8. In the Credentials section, paste the public key corresponding to the private key that your service will use into the Public Key in PEM format field, and then click Finish to create the built-in account and return to the Built-in Accounts page.