For the latest version, please use Certificate Lifecycle Manager 6.4.0!

Certificate Requests

Certificate requests are foundational to secure, policy-driven certificate issuance in MTG CLM, capturing both intent and the essential identity information required for organizational trust and compliance.

A certificate request contains the cryptographic parameters needed for the creation of a new certificate. Requesting a certificate is not a standalone procedure: it is always created as part of the certificate issuance flow.

Certificate requests are bound to a policy and an end entity, which are selected/created during the first two steps of certificate creation.

Certificate Requests Impact

Every certificate begins with a request. This critical process documents the identity, policy and cryptographic requirements for each digital credential created. In MTG CLM, requests are directly linked to policies and end entities, ensuring that every certificate reflects the organization’s governance and security posture.

Benefits include:

Confirming only authorized individuals or systems obtain certificates.
Recording policy context and requester intention for audit and compliance.
Starting every certificate lifecycle with clear, traceable metadata.

Request Lifecycle and Status

Certificate requests progress through distinct statuses that reflect their approval process and policy requirements.

Status	Description
PENDING_APPROVAL	Manual review is required before proceeding
REQUIRES_EMAIL_VERIFICATION	User must verify email before approval
DECLINED	Request rejected; certificate will not be issued
APPROVED	Request accepted, ready for certificate creation
ISSUED	Certificate successfully generated

Status

Description

PENDING_APPROVAL

Manual review is required before proceeding

REQUIRES_EMAIL_VERIFICATION

User must verify email before approval

DECLINED

Request rejected; certificate will not be issued

APPROVED

Request accepted, ready for certificate creation

ISSUED

Certificate successfully generated

Policy configuration (e.g., manual approval, email verification) determines the request’s path. Some requests are completed automatically; others require multiple steps for full oversight.

PKCS#10 Request Utility

The PKCS#10 utility allows secure generation of key pairs and certification requests directly from the server. Specify the requester’s details, select cryptographic parameters and generate industry-standard CSRs for use with internal or external certificate authorities.

For more details on the format, visit: tools.ietf.org/html/rfc2986.

Quick Reference

Certificate requests anchor identity, policy, and lifecycle for every certificate.
Status transitions visibly track each policy rule and approval stage.
Built-in tools facilitate cryptographic request generation and management.

Related Sections