Certificate Requests

A certificate request contains the cryptographic parameters needed for the creation of a new certificate. A certificate request cannot be created manually. It is always created as part of the Issue Certificate process.

Certificate Requests are bound to a Policy and an End-entity, which are selected/created in the first two steps of certificate creation.

A Certificate request can have on of the following statuses:

  1. PENDING_APPROVAL: An manual approval is required for the request.

  2. REQUIRES_EMAIL_VERIFICATION: The certificate request is pending additional email verification.

  3. DECLINED: The certificate request has been manually declined.

  4. APPROVED The certificate request has been manually approved.

  5. ISSUED: A certificate has been issued for the certificate request.

The status of a certificate request depends on the policy’s Manual Approval Required and Requires Email Validation parameters. If both parameters was set to false, then the certificate request is approved immediately, a certificate is created and the certificate request gets the ISSUED status.

If only the policy’s Manual Approval Required was set to true, then the certificate request gets the status of PENDING and an authorized user has to approve or decline it. If the user declines it, the certificate request gets the DECLINED status and no certificate is created. Upon user approval, the certificate request gets the APPROVED status. However, no certificate is created yet. To finalize the certificate creation process, the user has to navigate to the certificate request details page and press the Create Certificate button. Following this user action, a certificate is created and the certificate request gets the ISSUED status.

In case only the policy’s Requires Email Validation was set to true, then the certificate request gets the status of REQUIRES EMAIL VERIFICATION and an email is sent to the end entity’s email address. The e-mail contains a link for address verification. Upon email verification, the certificate request gets the ISSUED status and a certificate is created.

Finally, if both are set to true, then the certificate request gets the REQUIRES EMAIL VERIFICATION status first and then, upon email verification, it gets the status of PENDING. The user must then follow the approval procedure to complete the certificate creation.

View Certificate Requests

Available certificate requests for a realm can be viewed and searched for in the Certificate Request page. Exporting selected rows as Comma Separated Values (CSV) is possible via the Actions → Export selected as CSV. There is also a filter an admin can use, to view archived certificate requests exclusively. This filter can be triggered by pressing the Show Archived button in the Actions dropdown list. In order to obtain further details about the certificate, metadata and user responses of a certificate request, the user can press on the Certificate Request ID link. This will bring up the certificate request details page.

Archive Certificate Requests

A user can archive or un-archive a certificate request by entering the Certificate Request/Show tab. There, by pressing the certificate request’s name, the user will be redirected to the certificate request details page. By pressing the Archive or the Unarchive button the certificate request will be archived or unarchived respectively. Batch Archive and Batch Undo-Archive actions are also supported, through the Actions dropdown, by selecting the checkboxes of the desired certificate requests and choosing the Archive All Selected and Undo-Archive All Selected buttons. Upon certificate request archive/un-archive, its associated certificate will also be archived/unarchived respectively. Certificate requests associated with an active certificate can not be archived. Archived certificate requests that are linked to an archived policy, end entity or realm can not be unarchived. Archived certificate requests can not be used for new operations.

Delete Certificate Requests

A user can delete an archived certificate request through the Certificate Request page, the Show Certificate Request Table or the Administration/Archived Data Removal tab. In the Certificate Request page, after archiving the entity, a Delete button will appear. In the Show Certificate Requests Table by pressing Actions→Show Archived the table will show the archived entities. Here the certificate requests can be selected. Through Actions→Delete all selected they can be deleted. Furthermore, the user can delete one Certificate Request at a time, by pressing the row actions button and then Delete Certificate Request. Finally, in the Choose entity to delete dropdown choose Certificate Requests. As an extra safeguard, there is the option to restrict the archived records, to be deleted by the date they were archived. In the Choose date calendar select the date, before which the records should have been archived. Press Delete in order to delete those. Upon deletion, the certificates linked to the deleted certificate requests will also be deleted.