Requesting and Viewing a Certificate
You can request, download, and view certificates using Next-Gen Trust Security.
Before You Begin
Before requesting a certificate, ensure the following:
- At least one issuing template is configured and available for use
- You have TSG access to at least one Issuing Template from the parent TSG
- You have the appropriate Strata Cloud Manager (SCM) role permissions to request certificates
Access and Permissions
Access to Certificate Requests is controlled by your TSG scope and SCM role:
Inventory Visibility
- Parent TSG: Certificate Requests inventory accessed from the parent TSG includes Certificate Requests in the parent TSG and all child TSGs nested below it. Filtering can be applied to the inventory to limit the view to Certificate Requests in a subset of TSGs.
- Child TSG: Certificate Requests inventory accessed from a child TSG only includes Certificate Requests in that specific child TSG.
Required Permissions
- Web UI actions: Users must have the appropriate SCM role permissions to perform web UI actions on Certificate Requests, including requesting certificates
- API actions: Built-In Accounts must have the appropriate SCM role permissions to perform API actions on Certificate Requests, including requesting certificates
To Request a Certificate
- Sign in to Next-Gen Trust Security.
- Click Insights > Create Certificate Request.
- Select an Issuing Template. When you select a template, its policy details appear in the Issuing Template Policy section.
- (Optional) Select or create one or more tags to associate with the certificate.
- Click Continue.
- Select a Request method.
  - Automated certificate request: Complete the request fields. Some values may be pre-filled or locked based on the issuing template policy. After completing the fields, click Submit Request.
  - Provide my own CSR: Paste the CSR into the CSR Upload field and select a Validity period. Click Submit Request.
- Click Finish.
The request is sent to the certificate authority defined by the issuing template.
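The "Provide my own CSR" option expects a CSR that you generated yourself. The script below is an added example, not part of the product documentation: it creates a key and CSR locally with OpenSSL and checks the CSR before you paste it into the CSR Upload field. The hostnames, file paths and the ECDSA P-256 key type are assumptions; the issuing template policy determines which key types and names are accepted.

```shell
#!/bin/sh
# Added example. Hostnames, paths and key type are constructed placeholders.

# make_csr CN OUTDIR [EXTRA_DNS_NAME...]
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_csr() (
    cn=$1; outdir=$2; shift 2
    san="DNS:$cn"
    for name in "$@"; do san="$san,DNS:$name"; done

    umask 077                       # key and directory readable by owner only
    mkdir -p "$outdir" || exit 1

    # The private key is generated and kept locally; only the CSR is uploaded.
    openssl ecparam -name prime256v1 -genkey -noout \
        -out "$outdir/$cn.key" || exit 1

    # -addext needs OpenSSL 1.1.1 or later.
    openssl req -new -key "$outdir/$cn.key" -subj "/CN=$cn" \
        -addext "subjectAltName=$san" -out "$outdir/$cn.csr" || exit 1
)

# check_csr CSR_FILE EXPECTED_DNS_NAME
# Succeeds only if the CSR self-signature verifies and the name is a DNS SAN.
check_csr() {
    # Match the message rather than the exit status: older OpenSSL releases
    # exit 0 even when verification fails.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1

    # One SAN per line, then an exact fixed-string match so that
    # "example.test" does not match "app.example.test".
    openssl req -in "$1" -noout -text | tr ',' '\n' | sed 's/^ *//' |
        grep -Fqx "DNS:$2"
}

# Demonstration with constructed names: print the CSR to paste.
demo_dir=$(mktemp -d)
make_csr app.example.test "$demo_dir" www.app.example.test &&
    check_csr "$demo_dir/app.example.test.csr" www.app.example.test &&
    cat "$demo_dir/app.example.test.csr"
```

Only the `.csr` file is pasted into the request form; the `.key` file stays on the machine that will use the certificate.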
Certificate Request Timeouts
Certificate requests expire if not completed within the following timeframes:
- DigiCert: 7 days
- GlobalSign MSSL: 24 hours
- All other supported certificate authorities: 30 minutes
View the Certificate Request
- Click Insights > Certificate Requests.
- By default, the most recent requests appear at the top of the list.
- If filters are applied, click Clear.
- Click Filter, enter search criteria (such as a domain name), and click Apply.
- Select a certificate request to view its details.