- DigiCert product docs
- Device Trust Manager
- Blueprints
- Issue device certificates
Issue device certificates
Use blueprints to issue device certificates through a preconfigured workflow.
To request a single certificate, select Request certificate
To request a batch of certificates, select Request batch certificates
You can request a single certificate to issue X.509 certificates.
In the Device Trust Manager menu, go to Blueprints.
Under the Device certificate issuance section, select Use blueprint.
Select Request certificate to submit a single certificate request.
Under the Certificate management policy section:
If you already have a key pair and a CSR, select I have the keypair and will provide the CSR or public key in the request
Upload a CSV file or a zipped CSV containing the device data.
Enter a Common name for the certificate.
Select Submit certificate request.
If you want Device Trust Manager to generate the private key for each device, select Key pairs will be generated on the server side by this application, and the private key and certificate will be included in response.
Enter a Common name for the certificate.
Select Submit certificate request.
Save the password and the certificate securely. If you lose them, they can’t be recovered.
Under Certificates & jobs, select View certificates to see your certificate request.
Alternatively, you can also view your requested certificates under Certificate management > Certificates.
Use a batch job when all devices share the same certificate management policy. Instead of sending separate requests, submit one batch request to process all devices together.
In the Device Trust Manager menu, go to Blueprints.
Under the Device certificate issuance section, select Use blueprint.
Select Request a batch of certificates to submit your batch certificate request.
Select Next.
Under the Certificate management policy section:
If you already have the key pairs and the CSR, select I have generated the key pairs and will provide the CSRs or public keys in this batch request.
Select Next.
Either upload a ZIP file with individual CSR files or upload a CSV file with CSRs and required fields.
Note
There is no restriction on the number of devices you can register in a single job. However, the file size you upload can’t exceed 200 MB.
Select Submit batch job request.
If you want Device Trust Manager to generate and encrypt the private key for each registration, select Key pairs will be generated as part of the batch job, and the private keys and certificates will be included in the batch response.
Under the Private key encryption in batch response section, select the required certificate from the dropdown menu.
Alternatively, select Generate a new certificate within your profile to generate a new authentication certificate.
If you already have an encrypted certificate, select Provide a certificate for encryption, and upload the certificate.
Select Next.
Under the Upload a CSV containing certificate information section, upload your CSV file.
See the CSV format for batch certificate enrollment for details on the required CSV structure to ensure successful batch processing.
Select Submit batch job request.
Under Certificates & jobs, select View jobs to see your batch certificate request.
Alternatively, you can also view your requested batch job under Jobs.
When you re-create a blueprint, Device Trust Manager rebuilds it with the latest pre‑configuration details. However, certificates requested through the blueprint—whether single or batch—remain available under:
Single certificate requests: Certificate Management > Certificates
Batch certificate requests: Jobs > Batch certificates