Available self-service portal actions
Available self-service actions depend on the portal type. When you configure the portal, you select which actions to allow.
Aviso
You can allow different self-service management operations for discovered/imported certificates versus those issued through Trust Lifecycle Manager. For certificates issued through Trust Lifecycle Manager, you can allow different management operations per certificate profile.
Open portal
The open portal does not authenticate users and only supports the following self-service actions:
Action | Description |
|---|---|
Search | Search for an existing certificate. The user must know the exact common name, email address, or serial number. |
Download | Download a certificate after a successful search or a new enrollment. |
Revocation | Request revocation of an existing certificate. The request gets sent to the email address in the certificate's Note: Enable this feature with caution, understanding the risk of being able to revoke someone else’s certificate if you have access to their email account. |
Authenticated portal
The authenticated portal verifies users' identities via SAML. Once authenticated, users can access and manage certificates that meet any of the following criteria:
Certificate matching criteria | How to search |
|---|---|
Issued from a certificate profile that uses the | These certificates get automatically loaded when the user logs into the authenticated portal. They can be searched using the User ID input on the portal page. |
The certificate requester field in Trust Lifecycle Manager matches the user's SAML NameID. | Use the Email input on the portal page to search for matching certificates. |
The certificate’s | Use the Email input on the portal page to search for matching certificates. |
After displaying an accessible certificate, authenticated users can manage the certificate with the following self-service actions:
Action | Description |
|---|---|
Renewal | Renew certificates that are approaching expiration and within the renewal window. |
Revocation | Permanently revoke certificates. |
Suspend/Resume | Temporarily suspend certificates or resume suspended ones. |
Key recovery | Recover certificates and keys with escrowing enabled:
|
Manage certificate owners | Update the list of assigned certificate owners who receive email notifications about a certificate. |
Reissue certificate | Issue the same certificate with the same validity dates, but a new serial number. Use this action to request a fresh certificate after making changes to one of your certificate profiles, or to get the next certificate in a CertCentral multi-year plan. Users must provide This action is only available for public and private CertCentral certificates. |
Authenticated users can also use the following self-service actions to request new certificates:
Action | Description |
|---|---|
Enrollment | Enroll new certificates from a certificate profile with the self-service portal option enabled and the following criteria:
|
Pick up | Pick up a new certificate after admin approval. |
Cancel | Cancel pickup of an approved certificate request. |