Certificate Requests

A certificate request contains the cryptographic parameters that are needed for the creation of a new certificate. A certificate request cannot be created manually. It is always created as part of the certificate issue process (Issue Certificate).

Certificate Requests are bound to a policy and an end entity, which were selected/created in the first two steps of certificate creation.

A certificate request can have one of the following statuses:

  1. PENDING_APPROVAL: A manual approval is required for the request.

  2. REQUIRES_EMAIL_VERIFICATION: The certificate request is pending additional email verification.

  3. DECLINED: The certificate request has been manually declined.

  4. APPROVED: The certificate request has been manually approved.

  5. ISSUED: A certificate has been issued for the certificate request.

The status of a certificate request depends on the policy’s Manual Approval Required and Requires Email Validation parameters. If both parameters are set to false, then the certificate request is approved immediately, a certificate is created and the certificate request gets the ISSUED status.

If only the policy’s Manual Approval Required is set to true, then the certificate request gets the status of PENDING, and an authorized user has to approve or decline it. If the user declines it, the certificate request gets the DECLINED status and no certificate is created. Upon user approval, the certificate request gets the APPROVED status. However, no certificate is created yet. The user has to navigate to the certificate request details page and press the Create Certificate button to finalize the certificate creation process. After that user action, a certificate is created and the certificate request gets the ISSUED status.

If only the policy’s Requires Email Validation is set to true, then the certificate request gets the status of REQUIRES EMAIL VERIFICATION and an email containing a verification link is sent to the end entity’s email address. Upon email verification, the certificate request gets the ISSUED status and a certificate is created.

Finally, if both are set to true, then the certificate request first gets the REQUIRES EMAIL VERIFICATION status and, upon email verification, it gets the status of PENDING. The user then has to follow the approval procedure to complete the certificate creation.
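The four policy combinations above can be modelled as a small state machine. The following is an added example, not code from the product: the class, method and field names are hypothetical, and it uses the status identifiers from the list above (the text's PENDING corresponds to PENDING_APPROVAL). It also rejects out-of-order actions, such as creating a certificate before the request has been approved.

```python
from dataclasses import dataclass
from enum import Enum

# Hypothetical model; status names are taken from the status list above.
Status = Enum("Status", "PENDING_APPROVAL REQUIRES_EMAIL_VERIFICATION DECLINED APPROVED ISSUED")

@dataclass(frozen=True)
class Policy:
    manual_approval_required: bool
    requires_email_validation: bool

class CertificateRequest:
    def __init__(self, policy):
        self.policy = policy
        self.certificate_created = False
        # Email verification comes first whenever the policy demands it.
        if policy.requires_email_validation:
            self.status = Status.REQUIRES_EMAIL_VERIFICATION
        else:
            self._after_email_step()

    def _after_email_step(self):
        if self.policy.manual_approval_required:
            self.status = Status.PENDING_APPROVAL
        else:
            self._issue()

    def _issue(self):
        self.status = Status.ISSUED
        self.certificate_created = True

    def _require(self, expected, action):
        # Refuse any action that is not valid in the current status.
        if self.status is not expected:
            raise ValueError(f"{action} not allowed in status {self.status.name}")

    def verify_email(self):
        self._require(Status.REQUIRES_EMAIL_VERIFICATION, "verify_email")
        self._after_email_step()

    def approve(self):
        self._require(Status.PENDING_APPROVAL, "approve")
        self.status = Status.APPROVED  # approved, but no certificate yet

    def decline(self):
        self._require(Status.PENDING_APPROVAL, "decline")
        self.status = Status.DECLINED

    def create_certificate(self):
        self._require(Status.APPROVED, "create_certificate")
        self._issue()
```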

1. View Certificate Requests

Available certificate requests for a realm can be viewed and searched for in the Certificate Request page. An option to export selected rows as Comma Separated Values (CSV) is available via Actions → Export selected as CSV. There is also a filter that an admin can use to view only the archived certificate requests. This filter can be triggered by pressing the Show Archived button in the Actions dropdown list. For further details about the certificate, metadata and user responses of a certificate request, the user can press the Certificate Request ID link to land on the certificate request details page.

2. Archive Certificate Requests

A user can archive or unarchive a certificate request by entering the Certificate Request/Show tab. There, by pressing the certificate request’s name, the user will be redirected to the certificate request details page. By pressing the Archive or the Unarchive button the certificate request will be archived or unarchived accordingly. Batch Archive and Batch Undo-Archive actions are also supported by selecting the checkboxes of the desired certificate requests and choosing the Archive All Selected and Undo-Archive All Selected buttons in the Actions dropdown. When a certificate request is archived or unarchived, its associated certificate is also archived or unarchived respectively. Certificate requests associated with an active certificate cannot be archived. Archived certificate requests that are linked to an archived policy, end entity or realm cannot be unarchived. Archived certificate requests cannot be used for new operations.

3. Delete Certificate Requests

A user can delete an archived certificate request through the Certificate Request page, the Show Certificate Request Table or the Administration/Archived Data Removal tab. In the Certificate Request page, after archiving the entity, a Delete button will appear. In the Show Certificate Requests Table, pressing Actions → Show Archived makes the table show the archived entities; here the certificate requests can be selected and deleted through Actions → Delete all selected. Furthermore, the user can delete one certificate request at a time by pressing the row actions button and then Delete Certificate Request. Finally, in the Administration/Archived Data Removal tab, choose Certificate Requests in the Choose entity to delete dropdown. As an extra safeguard, there is the option to restrict the archived records that are going to be deleted by the date on which they were archived. In the Choose date calendar, select the date before which the records should have been archived in order to be deleted with this action, and press Delete. Upon deletion, the certificates linked to the deleted certificate requests will also be deleted.