How to integrate Digicert MCP with LlamaIndex

Trusted by
AWS
Glean
Zoom
Airtable
GET STARTED FOR FREEGET A DEMO

30 min · no commitment · see it on your stack

Digicert logo
LlamaIndex logo
divider

Introduction

This guide walks you through connecting Digicert to LlamaIndex using the Composio tool router. By the end, you'll have a working Digicert agent that can list all intermediate certificates for your account, create a new api key for admin, update the schedule for monthly security reports through natural language commands.

This guide will help you understand how to give your LlamaIndex agent real control over a Digicert account through Composio's Digicert MCP server.

Before we dive in, let's take a quick look at the key ideas and tools involved.

Also integrate Digicert with

TL;DR

Here's what you'll learn:
  • Set your OpenAI and Composio API keys
  • Install LlamaIndex and Composio packages
  • Create a Composio Tool Router session for Digicert
  • Connect LlamaIndex to the Digicert MCP server
  • Build a Digicert-powered agent using LlamaIndex
  • Interact with Digicert through natural language

What is LlamaIndex?

LlamaIndex is a data framework for building LLM applications. It provides tools for connecting LLMs to external data sources and services through agents and tools.

Key features include:

  • ReAct Agent: Reasoning and acting pattern for tool-using agents
  • MCP Tools: Native support for Model Context Protocol
  • Context Management: Maintain conversation context across interactions
  • Async Support: Built for async/await patterns

What is the Digicert MCP server, and what's possible with it?

The Digicert MCP server is an implementation of the Model Context Protocol that connects your AI agent and assistants like Claude, Cursor, etc directly to your Digicert account. It provides structured and secure access to your digital certificate management, so your agent can perform actions like auditing users, creating API keys, checking permissions, listing certificates, and updating reports on your behalf.

  • API key management and creation: Let your agent securely generate new API keys for specific users and permissions, ensuring controlled access for your team and services.
  • Permission and access validation: Have your agent check if specific permissions are available before performing sensitive operations, helping you enforce security best practices automatically.
  • Intermediate certificate inventory: Instantly retrieve and review all intermediate certificates in your Digicert account—perfect for audits or compliance checks.
  • User management and auditing: Effortlessly list all CertCentral account users, including detailed information for each user, to streamline management and oversight.
  • Automated report configuration updates: Direct your agent to update scheduled report configurations—changing recipients, formats, or schedules—with just a single instruction.

Supported Tools & Triggers

Tools
Add Tags to CertificateTool to add custom tags to one or more certificates for categorization.
Check PermissionTool to check if a specific permission is available.
Create API KeyTool to create a new API key with specified permissions.
Create AuthKeyTool to create a new AuthKey for account authentication.
Create Container IP RulesTool to add an IP restriction rule to a CertCentral account.
Create Finance Order PricingTool to get price estimates for a certificate order.
Create OrganizationTool to create a new organization in your DigiCert CertCentral account.
Create Organization ValidationTool to submit an organization for validation and add verified contacts for specific product types.
List Scan TemplatesTool to retrieve the list of scan templates along with their name, status, and configuration.
Delete Account AuthKeyTool to delete your account's AuthKey.
Delete Certificate from DiscoveryTool to delete certificates from DigiCert Discovery inventory.
Delete DomainTool to delete a domain with the given ID.
Delete SSH KeyTool to delete SSH keys from DigiCert Discovery.
Delete Discovery EndpointsTool to delete one or more endpoints from the Discovery API.
Execute GraphQL QueryTool to execute GraphQL queries against DigiCert Custom Reports API.
Filter KeysTool to filter keys in DigiCert Discovery API by various criteria.
Get Account DetailsTool to retrieve details about your CertCentral account.
Get Account DetailsTool to retrieve account details for the authenticated user.
Get Account Guest Access URLTool to retrieve the guest access URL for your DigiCert account.
Get Account MetadataTool to retrieve metadata for custom order fields in the account.
Get Account SAML EntityTool to retrieve SAML entity details for your account.
Get Agent IP Port DetailsTool to retrieve agent IP port details from DigiCert Discovery API.
Get Alert CountTool to retrieve alert count from DigiCert Discovery API dashboard.
Get AuthKey DetailsTool to retrieve AuthKey details by ID.
List Authorized ContainersTool to list all containers authorized to perform a permission action.
Get Certificate Authority HelperTool to retrieve certificate authority API helper information including version details.
Get Certificate Security RatingTool to retrieve SSL certificate security rating from DigiCert Discovery API.
Get Cloud Scan DetailsTool to get cloud scan details from DigiCert Discovery API.
Get Container by IDTool to get details about a specific container using its ID.
Get Container ChildrenTool to list all child containers for a parent container.
Get Container IP RulesTool to retrieve a list of existing IP restriction rules in a CertCentral account.
Get Container Order OrganizationsTool to list all organizations assigned to a container.
Get Container Product LimitsTool to get information about the limits and settings for a container's enabled products.
Get Container RolesTool to retrieve all access roles available to a container.
Get Container Template DetailsTool to get details about a template in a container.
Get Domain DCV InformationTool to retrieve domain DCV (Domain Control Validation) information from DigiCert.
Get Domain DCV EmailsTool to retrieve email addresses that receive validation emails from DigiCert for the email domain control validation (DCV) method.
Get Domain Expiration CountTool to get the number of domains in your account with expired or expiring OV or EV domain validations.
Get Domain Validation TypeTool to list available validation types for domains.
Get Finance BalanceTool to view the current balance of your DigiCert account.
Get Finance Balance HistoryTool to list balance adjustment history for your DigiCert account.
Get Remote Service InformationTool to retrieve remote service information from DigiCert Document Manager CSC API.
Get API Key DetailsTool to retrieve detailed information about an API key.
Get MPKI VersionTool to query the TLM application version from DigiCert MPKI API.
Get Order Certificate Status ChangesTool to list orders that changed status during a given time frame.
Get Organization DetailsTool to retrieve detailed information about an organization from DigiCert.
Get Organization Contact InfoTool to retrieve organization and technical contact details for a specific organization.
Get Recent OrganizationsTool to retrieve the three most recently used organizations from your CertCentral account.
Get Organization ValidationTool to get validation details for an organization.
Get Organization Validation TypeTool to list available validation types for organizations.
Get Product by NameTool to get information about a product by its name identifier.
Get Product Platform Certificate Format MappingTool to list the certificate format that is returned for a particular server platform.
Get Product PricingTool to retrieve a comprehensive list of product prices available under your DigiCert account.
Get Remote Service InfoTool to retrieve information about DigiCert's Document Manager CSC (Cloud Signature Consortium) remote service.
Get Order ReportTool to retrieve a CSV report of all certificate orders.
Get Report Order ExpiringTool to get the number of orders and certificates that expire within 0-30, 30-60, and 60-90 days from now.
Get Report Request SummaryTool to get total requests and requests by type for your account.
Get Scan SubdomainsTool to retrieve all subdomains included in a DigiCert Discovery scan.
Get User DetailsTool to retrieve details about a specific user in CertCentral.
Check Username AvailabilityTool to check if a username is available in DigiCert.
List API Access RolesTool to retrieve a list of available API access roles.
List API KeysTool to retrieve a list of API keys and ACME URLs.
List Certificate Filter ValuesTool to retrieve available filter values for certificate attributes from DigiCert Discovery API.
List Certificate OrdersTool to list all certificate orders in your DigiCert account.
List CertificatesTool to list all certificates discovered by DigiCert Discovery scans.
List ContainersTool to retrieve a list of all containers (divisions) in your DigiCert account.
List Container TemplatesTool to list all templates that can be used when creating containers.
List Domain DCV MethodsTool to retrieve available domain control validation (DCV) methods for domains.
List DomainsTool to list all domains in your CertCentral account.
List Intermediate CertificatesTool to retrieve a list of intermediate certificates.
List LocalesTool to retrieve a list of available locales.
List Organization Potential ApproversTool to list all users and contacts that can be validated as verified contacts (also called EV approvers).
List OrganizationsTool to retrieve all organizations in your DigiCert account.
List PermissionsTool to list all permissions for the authenticated user.
List Available ProductsTool to list all products available to your CertCentral account.
List SensorsTool to list all sensors used for network scanning in DigiCert Discovery.
List Service UsersTool to list all DigiCert service users (API-only users).
List CertCentral UsersTool to retrieve a list of CertCentral account users.
Resend User Create EmailTool to resend the create user email to a user.
Submit Domain for ValidationTool to submit a domain for validation with specified validation types.
Update Account EmailsTool to update account notification and emergency email addresses.
Update ContainerTool to edit a container's details including name and description.
Update Container Allowed Domain NamesTool to update a container's allowed domains.
Update Container User AssignmentsTool to update a container's user assignments.
Activate DomainTool to activate a domain in DigiCert CertCentral.
Resend Domain DCV EmailsTool to resend domain control validation (DCV) emails for a domain.
Update API KeyTool to edit an API key's name or access role restrictions.
Update API Key StatusTool to activate, deactivate, or revoke a DigiCert API key.
Update Notification SettingsTool to update CertCentral account notification settings.
Update OrganizationTool to update an organization's details in your DigiCert CertCentral account.
Activate OrganizationTool to activate an organization in DigiCert CertCentral.
Update Organization ContactTool to update or replace organization contact and technical contact for an organization.
Deactivate OrganizationTool to deactivate an organization in DigiCert CertCentral.
Update Renewal Email PreferenceTool to enable or disable renewal notifications for SSL/TLS certificates discovered in DigiCert Discovery.
Update ReportTool to update an existing report’s configuration.
Update User ProfileTool to update a user's profile information in CertCentral.
Update User Container AssignmentsTool to update container (division) assignments for a user.
Update User RoleTool to change a user's access role in CertCentral.
Validate VMC Encoded LogoTool to validate if an SVG file format is compatible with Verified Mark Certificate (VMC) or Common Mark Certificate (CMC) requirements.
Validate VMC/CMC Logo FormatTool to validate SVG logo format for Verified Mark Certificates (VMC) or Common Mark Certificates (CMC).
Verify TemplateTool to verify a certificate template structure against DigiCert's validation rules.

What is the Composio tool router, and how does it fit here?

What is Composio SDK?

Composio's Composio SDK helps agents find the right tools for a task at runtime. You can plug in multiple toolkits (like Gmail, HubSpot, and GitHub), and the agent will identify the relevant app and action to complete multi-step workflows. This can reduce token usage and improve the reliability of tool calls. Read more here: Getting started with Composio SDK

The tool router generates a secure MCP URL that your agents can access to perform actions.

How the Composio SDK works

The Composio SDK follows a three-phase workflow:

  1. Discovery: Searches for tools matching your task and returns relevant toolkits with their details.
  2. Authentication: Checks for active connections. If missing, creates an auth config and returns a connection URL via Auth Link.
  3. Execution: Executes the action using the authenticated connection.

Step-by-step Guide

Prerequisites

Before you begin, make sure you have:
  • Python 3.8/Node 16 or higher installed
  • A Composio account with the API key
  • An OpenAI API key
  • A Digicert account and project
  • Basic familiarity with async Python/Typescript

Getting API Keys for OpenAI, Composio, and Digicert

OpenAI API key (OPENAI_API_KEY)
  • Go to the OpenAI dashboard
  • Create an API key if you don't have one
  • Assign it to OPENAI_API_KEY in .env
Composio API key and user ID
  • Log into the Composio dashboard
  • Copy your API key from Settings
    • Use this as COMPOSIO_API_KEY
  • Pick a stable user identifier (email or ID)
    • Use this as COMPOSIO_USER_ID

Installing dependencies

pip install composio-llamaindex llama-index llama-index-llms-openai llama-index-tools-mcp python-dotenv

Create a new Python project and install the necessary dependencies:

  • composio-llamaindex: Composio's LlamaIndex integration
  • llama-index: Core LlamaIndex framework
  • llama-index-llms-openai: OpenAI LLM integration
  • llama-index-tools-mcp: MCP client for LlamaIndex
  • python-dotenv: Environment variable management

Set environment variables

bash
OPENAI_API_KEY=your-openai-api-key
COMPOSIO_API_KEY=your-composio-api-key
COMPOSIO_USER_ID=your-user-id

Create a .env file in your project root:

These credentials will be used to:

  • Authenticate with OpenAI's GPT-5 model
  • Connect to Composio's Tool Router
  • Identify your Composio user session for Digicert access

Import modules

import asyncio
import os
import dotenv

from composio import Composio
from composio_llamaindex import LlamaIndexProvider
from llama_index.core.agent.workflow import ReActAgent
from llama_index.core.workflow import Context
from llama_index.llms.openai import OpenAI
from llama_index.tools.mcp import BasicMCPClient, McpToolSpec

dotenv.load_dotenv()

Create a new file called digicert_llamaindex_agent.py and import the required modules:

Key imports:

  • asyncio: For async/await support
  • Composio: Main client for Composio services
  • LlamaIndexProvider: Adapts Composio tools for LlamaIndex
  • ReActAgent: LlamaIndex's reasoning and action agent
  • BasicMCPClient: Connects to MCP endpoints
  • McpToolSpec: Converts MCP tools to LlamaIndex format

Load environment variables and initialize Composio

OPENAI_API_KEY = os.getenv("OPENAI_API_KEY")
COMPOSIO_API_KEY = os.getenv("COMPOSIO_API_KEY")
COMPOSIO_USER_ID = os.getenv("COMPOSIO_USER_ID")

if not OPENAI_API_KEY:
    raise ValueError("OPENAI_API_KEY is not set in the environment")
if not COMPOSIO_API_KEY:
    raise ValueError("COMPOSIO_API_KEY is not set in the environment")
if not COMPOSIO_USER_ID:
    raise ValueError("COMPOSIO_USER_ID is not set in the environment")

What's happening:

This ensures missing credentials cause early, clear errors before the agent attempts to initialise.

Create a Tool Router session and build the agent function

async def build_agent() -> ReActAgent:
    composio_client = Composio(
        api_key=COMPOSIO_API_KEY,
        provider=LlamaIndexProvider(),
    )

    session = composio_client.create(
        user_id=COMPOSIO_USER_ID,
        toolkits=["digicert"],
    )

    mcp_url = session.mcp.url
    print(f"Composio MCP URL: {mcp_url}")

    mcp_client = BasicMCPClient(mcp_url, headers={"x-api-key": COMPOSIO_API_KEY})
    mcp_tool_spec = McpToolSpec(client=mcp_client)
    tools = await mcp_tool_spec.to_tool_list_async()

    llm = OpenAI(model="gpt-5")

    description = "An agent that uses Composio Tool Router MCP tools to perform Digicert actions."
    system_prompt = """
    You are a helpful assistant connected to Composio Tool Router.
    Use the available tools to answer user queries and perform Digicert actions.
    """
    return ReActAgent(tools=tools, llm=llm, description=description, system_prompt=system_prompt, verbose=True)

What's happening here:

  • We create a Composio client using your API key and configure it with the LlamaIndex provider
  • We then create a tool router MCP session for your user, specifying the toolkits we want to use (in this case, digicert)
  • The session returns an MCP HTTP endpoint URL that acts as a gateway to all your configured tools
  • LlamaIndex will connect to this endpoint to dynamically discover and use the available Digicert tools.
  • The MCP tools are mapped to LlamaIndex-compatible tools and plug them into the Agent.

Create an interactive chat loop

async def chat_loop(agent: ReActAgent) -> None:
    ctx = Context(agent)
    print("Type 'quit', 'exit', or Ctrl+C to stop.")

    while True:
        try:
            user_input = input("\nYou: ").strip()
        except (KeyboardInterrupt, EOFError):
            print("\nBye!")
            break

        if not user_input or user_input.lower() in {"quit", "exit"}:
            print("Bye!")
            break

        try:
            print("Agent: ", end="", flush=True)
            handler = agent.run(user_input, ctx=ctx)

            async for event in handler.stream_events():
                # Stream token-by-token from LLM responses
                if hasattr(event, "delta") and event.delta:
                    print(event.delta, end="", flush=True)
                # Show tool calls as they happen
                elif hasattr(event, "tool_name"):
                    print(f"\n[Using tool: {event.tool_name}]", flush=True)

            # Get final response
            response = await handler
            print()  # Newline after streaming
        except KeyboardInterrupt:
            print("\n[Interrupted]")
            continue
        except Exception as e:
            print(f"\nError: {e}")

What's happening here:

  • We're creating a direct terminal interface to chat with your Digicert database
  • The LLM's responses are streamed to the CLI for faster interaction.
  • The agent uses context to maintain conversation history
  • You can type 'quit' or 'exit' to stop the chat loop gracefully
  • Agent responses and any errors are displayed in a clear, readable format

Define the main entry point

async def main() -> None:
    agent = await build_agent()
    await chat_loop(agent)

if __name__ == "__main__":
    # Handle Ctrl+C gracefully
    signal.signal(signal.SIGINT, lambda s, f: (print("\nBye!"), exit(0)))
    try:
        asyncio.run(main())
    except KeyboardInterrupt:
        print("\nBye!")

What's happening here:

  • We're orchestrating the entire application flow
  • The agent gets built with proper error handling
  • Then we kick off the interactive chat loop so you can start talking to Digicert

Run the agent

npx ts-node llamaindex-agent.ts

When prompted, authenticate and authorise your agent with Digicert, then start asking questions.

Complete Code

Here's the complete code to get you started with Digicert and LlamaIndex:

import asyncio
import os
import signal
import dotenv

from composio import Composio
from composio_llamaindex import LlamaIndexProvider
from llama_index.core.agent.workflow import ReActAgent
from llama_index.core.workflow import Context
from llama_index.llms.openai import OpenAI
from llama_index.tools.mcp import BasicMCPClient, McpToolSpec

dotenv.load_dotenv()

OPENAI_API_KEY = os.getenv("OPENAI_API_KEY")
COMPOSIO_API_KEY = os.getenv("COMPOSIO_API_KEY")
COMPOSIO_USER_ID = os.getenv("COMPOSIO_USER_ID")

if not OPENAI_API_KEY:
    raise ValueError("OPENAI_API_KEY is not set")
if not COMPOSIO_API_KEY:
    raise ValueError("COMPOSIO_API_KEY is not set")
if not COMPOSIO_USER_ID:
    raise ValueError("COMPOSIO_USER_ID is not set")

async def build_agent() -> ReActAgent:
    composio_client = Composio(
        api_key=COMPOSIO_API_KEY,
        provider=LlamaIndexProvider(),
    )

    session = composio_client.create(
        user_id=COMPOSIO_USER_ID,
        toolkits=["digicert"],
    )

    mcp_url = session.mcp.url
    print(f"Composio MCP URL: {mcp_url}")

    mcp_client = BasicMCPClient(mcp_url, headers={"x-api-key": COMPOSIO_API_KEY})
    mcp_tool_spec = McpToolSpec(client=mcp_client)
    tools = await mcp_tool_spec.to_tool_list_async()

    llm = OpenAI(model="gpt-5")
    description = "An agent that uses Composio Tool Router MCP tools to perform Digicert actions."
    system_prompt = """
    You are a helpful assistant connected to Composio Tool Router.
    Use the available tools to answer user queries and perform Digicert actions.
    """
    return ReActAgent(
        tools=tools,
        llm=llm,
        description=description,
        system_prompt=system_prompt,
        verbose=True,
    );

async def chat_loop(agent: ReActAgent) -> None:
    ctx = Context(agent)
    print("Type 'quit', 'exit', or Ctrl+C to stop.")

    while True:
        try:
            user_input = input("\nYou: ").strip()
        except (KeyboardInterrupt, EOFError):
            print("\nBye!")
            break

        if not user_input or user_input.lower() in {"quit", "exit"}:
            print("Bye!")
            break

        try:
            print("Agent: ", end="", flush=True)
            handler = agent.run(user_input, ctx=ctx)

            async for event in handler.stream_events():
                # Stream token-by-token from LLM responses
                if hasattr(event, "delta") and event.delta:
                    print(event.delta, end="", flush=True)
                # Show tool calls as they happen
                elif hasattr(event, "tool_name"):
                    print(f"\n[Using tool: {event.tool_name}]", flush=True)

            # Get final response
            response = await handler
            print()  # Newline after streaming
        except KeyboardInterrupt:
            print("\n[Interrupted]")
            continue
        except Exception as e:
            print(f"\nError: {e}")

async def main() -> None:
    agent = await build_agent()
    await chat_loop(agent)

if __name__ == "__main__":
    # Handle Ctrl+C gracefully
    signal.signal(signal.SIGINT, lambda s, f: (print("\nBye!"), exit(0)))
    try:
        asyncio.run(main())
    except KeyboardInterrupt:
        print("\nBye!")

Conclusion

You've successfully connected Digicert to LlamaIndex through Composio's Tool Router MCP layer. Key takeaways:
  • Tool Router dynamically exposes Digicert tools through an MCP endpoint
  • LlamaIndex's ReActAgent handles reasoning and orchestration; Composio handles integrations
  • The agent becomes more capable without increasing prompt size
  • Async Python provides clean, efficient execution of agent workflows
You can easily extend this to other toolkits like Gmail, Notion, Stripe, GitHub, and more by adding them to the toolkits parameter.

How to build Digicert MCP Agent with another framework

OpenAI Agents SDK logo

OpenAI Agents SDK

Use Digicert MCP with OpenAI Agents SDK

Claude Agent SDK logo

Claude Agent SDK

Use Digicert MCP with Claude Agent SDK

Claude Code logo

Claude Code

Use Digicert MCP with Claude Code

Claude Cowork logo

Claude Cowork

Use Digicert MCP with Claude Cowork

Codex logo

Codex

Use Digicert MCP with Codex

OpenClaw logo

OpenClaw

Use Digicert MCP with OpenClaw

Hermes logo

Hermes

Use Digicert MCP with Hermes

CLI logo

CLI

Use Digicert MCP with CLI

Google ADK logo

Google ADK

Use Digicert MCP with Google ADK

LangChain logo

LangChain

Use Digicert MCP with LangChain

Vercel AI SDK logo

Vercel AI SDK

Use Digicert MCP with Vercel AI SDK

Mastra AI logo

Mastra AI

Use Digicert MCP with Mastra AI

CrewAI logo

CrewAI

Use Digicert MCP with CrewAI

FAQ

What are the differences in Tool Router MCP and Digicert MCP?

With a standalone Digicert MCP server, the agents and LLMs can only access a fixed set of Digicert tools tied to that server. However, with the Composio Tool Router, agents can dynamically load tools from Digicert and many other apps based on the task at hand, all through a single MCP endpoint.

Can I use Tool Router MCP with LlamaIndex?

Yes, you can. LlamaIndex fully supports MCP integration. You get structured tool calling, message history handling, and model orchestration while Tool Router takes care of discovering and serving the right Digicert tools.

Can I manage the permissions and scopes for Digicert while using Tool Router?

Yes, absolutely. You can configure which Digicert scopes and actions are allowed when connecting your account to Composio. You can also bring your own OAuth credentials or API configuration so you keep full control over what the agent can do.

How safe is my data with Composio Tool Router?

All sensitive data such as tokens, keys, and configuration is fully encrypted at rest and in transit. Composio is SOC 2 Type 2 compliant and follows strict security practices so your Digicert data and credentials are handled as safely as possible.

Used by agents from

Context
Letta
glean
HubSpot
Agent.ai
Altera
DataStax
Entelligence
Rolai
Context
Letta
glean
HubSpot
Agent.ai
Altera
DataStax
Entelligence
Rolai
Context
Letta
glean
HubSpot
Agent.ai
Altera
DataStax
Entelligence
Rolai

Never worry about agent reliability

We handle tool reliability, observability, and security so you never have to second-guess an agent action.

Get started for freeGet a demo