For the latest version, please use Certificate Lifecycle Manager 5.0.2!

Certificate Requests

A certificate request contains the cryptographic parameters needed for the creation of a new certificate. Requesting a certificate is not a stand-alone procedure; it is always created as part of the certificate issuance flow.

Certificate requests are bound to a policy and an end-entity, which are selected/created during the first two steps of certificate creation.

Certificate Request Status

A certificate request can have one of the following statuses:

Certificate Requests Status Descriptions

| Status | Description |
|---|---|
| PENDING_APPROVAL | A manual approval is required for the request. |
| REQUIRES_EMAIL_VERIFICATION | The certificate request is pending additional e-mail verification. |
| DECLINED | The certificate request has been manually declined. |
| APPROVED | The certificate request has been manually approved. |
| ISSUED | A certificate has been issued for the certificate request. |

The status of a certificate request depends on the policy’s Manual Approval Required and Requires Email Validation parameters. If both parameters are set to No, the certificate request is approved immediately, a certificate is created and the certificate request gets the ISSUED status.

If only the policy’s Manual Approval Required field is set to Yes, the certificate request gets the PENDING_APPROVAL status and an authorized user has to approve or decline it. If this user declines it, the certificate request gets the DECLINED status and no certificate is created. Upon user approval, the certificate request gets the APPROVED status, but no certificate is created yet. To finalize the certificate creation process, navigate to the certificate request details page and press the Create Certificate button. The certificate is then created and the certificate request gets the ISSUED status.

If only the policy’s E-Mail Verification Required field is set to Yes, the certificate request gets the REQUIRES_EMAIL_VERIFICATION status. An e-mail containing a link for address verification is then sent to the end entity’s e-mail address. Upon e-mail verification, the certificate request gets the ISSUED status and a certificate is created.

If both of the above are set to Yes, the certificate request gets the REQUIRES_EMAIL_VERIFICATION status first and then, upon e-mail verification, the PENDING_APPROVAL status. You must then follow the approval procedure to complete the certificate creation.
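The status flow described above can be checked mechanically. The following Python code is an added example, not part of the product or its documentation: it assumes a per-request status history is available (the record layout, function names and sample data are constructed for illustration) and flags any request whose history is not permitted by the policy's two parameters.

```python
from enum import Enum

class Status(str, Enum):
    REQUIRES_EMAIL_VERIFICATION = "REQUIRES_EMAIL_VERIFICATION"
    PENDING_APPROVAL = "PENDING_APPROVAL"
    APPROVED = "APPROVED"
    DECLINED = "DECLINED"
    ISSUED = "ISSUED"

def allowed_paths(manual_approval, email_verification):
    """Complete status sequences the two policy parameters permit."""
    s = Status
    gate = [s.REQUIRES_EMAIL_VERIFICATION] if email_verification else []
    if not manual_approval:
        return [gate + [s.ISSUED]]
    return [gate + [s.PENDING_APPROVAL, s.DECLINED],
            gate + [s.PENDING_APPROVAL, s.APPROVED, s.ISSUED]]

def audit(history, manual_approval, email_verification):
    """Return None if history is a prefix of an allowed path, else a finding."""
    try:
        seen = [Status(h) for h in history]
    except ValueError as exc:
        return f"unknown status: {exc}"
    paths = allowed_paths(manual_approval, email_verification)
    if seen and any(seen == p[:len(seen)] for p in paths):
        return None  # in-flight requests are valid prefixes of a full path
    return (f"{' -> '.join(history) or '(empty)'} not permitted with "
            f"manual_approval={manual_approval}, email_verification={email_verification}")

# Constructed sample records: (request id, manual approval, e-mail verification, history)
SAMPLE = [
    ("req-1", False, False, ["ISSUED"]),
    ("req-2", True, False, ["PENDING_APPROVAL", "APPROVED"]),
    ("req-3", True, True, ["REQUIRES_EMAIL_VERIFICATION", "PENDING_APPROVAL", "DECLINED"]),
    ("req-4", True, False, ["ISSUED"]),                                   # approval skipped
    ("req-5", True, True, ["PENDING_APPROVAL", "APPROVED", "ISSUED"]),    # e-mail check skipped
]

def findings(records):
    """Map request id -> finding for every record that violates its policy."""
    results = ((rid, audit(hist, manual, email)) for rid, manual, email, hist in records)
    return {rid: problem for rid, problem in results if problem}

if __name__ == "__main__":
    for rid, problem in findings(SAMPLE).items():
        print(rid, problem)
```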

View Certificate Requests

You can view and search available certificate requests within a realm in the Certificate Request page. Selected rows can be exported as Comma Separated Values (CSV) via Actions > Export selected as CSV. There is also a filter to view archived certificate requests exclusively. This filter can be triggered by pressing the Show Archived button in the Actions dropdown list.

To use the above-mentioned filter, admin privileges are required.

Press the Certificate Request ID link to obtain further details about the certificate, metadata and user responses of a certificate request.

Archive Certificate Requests

You can archive or un-archive a certificate request by selecting a certificate request from the table and clicking the corresponding button. Batch Archive is also supported, through the Actions dropdown button. Tick the checkboxes of the desired certificate requests and then select Archive All Selected. When a certificate request is archived, its associated certificate is archived as well. Certificate requests associated with an active certificate cannot be archived. Archived certificate requests that are linked to an archived policy, end entity or realm cannot be unarchived. Archived certificate requests cannot be used for new operations.

Delete Certificate Requests

Please refer to the Archived Data Removal section.

Create PKCS10 Request

Use this utility to create a PKCS10 request. This will create a key pair on the server side. You must provide the requester’s name and choose the cryptographic algorithm for which you want a new key pair. Once the keys are created you will be able to download the private key and the certification request.

You can read more about PKCS10 in RFC 2986.

There are two options to specify the requester’s name in the PKCS10:

  • You may provide the data directly into the form.

  • If you already have an existing end-entity and want to re-use the data you may select it from the list of the available ones.

Once you have specified the name, you must choose the cryptographic algorithm and corresponding parameters of the new key pair. A list of available algorithms can be found here.