CSV format for batch certificate enrollment
Batch certificate enrollment in DigiCert® Device Trust Manager enables you to submit multiple certificate requests in a single job using a CSV file. This reference details the required CSV structure to ensure successful batch processing.
The CSV file used for batch certificate enrollment must contain a header row followed by one or more data rows.
Header row: Defines the fields for each certificate request, including:
Unique identifier (optional)
Certificate attributes
Device attribute fields
CSR (if required by the certificate management policy)
Data rows: Contain the certificate request values for each field defined in the header row. Make sure each value in a data row matches the corresponding header to maintain alignment and proper processing.
CSV header details
Unique identifier (optional)
To uniquely identify each certificate request, include the unique_identifier column in the header row. This helps distinguish output files when certificate values are not unique.
Output file naming: If a certificate request includes a
unique_identifier, output files are named using that value (e.g.,<unique_identifier_value>.pem).Without a unique identifier: The system appends a random value to output file names to avoid duplicates, indicated with a
WARNINGstatus in the batch job report.
Certificate attributes
Include headers for the required certificate attributes based on your certificate profile configuration, such as:
Subject attributes, such as
subject.common_name)SAN (Subject Alternative Name) attributes
Extensions
Key usage and extended key usage attributes
注記
If a certificate attribute is specified in both the CSR and the CSV column, the value in the CSV column takes precedence and will be used in the request.
The following table outlines the header cell values, expected data cell value formats, and descriptions for each certificate attribute used in CSV files for batch certificate enrollment.
CSR
If your certificate management policy requires a CSR for generating the device's x.509 bootstrap certificate, include it in the csr column.
CSRs must be in Base-64 encoded PEM format and include the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- tags. Below is an example of a PEM-formatted CSR:
-----BEGIN CERTIFICATE REQUEST-----
...CSR content...
-----END CERTIFICATE REQUEST-----
Device attributes
Add headers for required device attributes based on your device profile configuration:
Use
device_identifierfor the device ID.For custom device fields, include the unique UUID of each field (for example,
35db4faa-899f-4aff-b0a2-10f73d7b198c).
ヒント
To find UUIDs for custom fields, use Device Trust Manager REST API Get enrollment profile specification endpoint:
GET {base_url}/devicetrustmanager/certificate-configuration-service/api/v1/enrollment-profile/{enrollment_profile_id}/enrollment-specification
Certificate request data rows
Each data row in the CSV represents an individual certificate request, with values corresponding to the header fields.
注記
There is no limit to the number of data rows, but the compressed ZIP file containing your CSV data must not exceed 200 MB.
Example CSV file
"unique_identifier","subject.common_name","subject.organization_name","subject.organization_unit","san.other_name.hardware_module_name.serial_number","device_identifier","35db4faa-899f-4aff-b0a2-10f73d7b198c","extensions.subject_directory","csr"
"001","common name 01","Organization","Unit1,Unit2","AABBCCDD","Device01","Custom field value","{\"attribute1\":\"value1\",\"attribute2\":\"value2\"}","-----BEGIN CERTIFICATE REQUEST-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1Gkl8...\n-----END CERTIFICATE REQUEST-----"
"002","common name 02","Organization","Unit1,Unit2","AABBCCDD","Device02","Custom field value","{\"attribute1\":\"value3\",\"attribute2\":\"value4\"}","-----BEGIN CERTIFICATE REQUEST-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2Hgl8...\n-----END CERTIFICATE REQUEST-----"
"003","common name 03","Organization","Unit1,Unit2","AABBCCDD","Device03","Custom field value","{\"attribute1\":\"value5\",\"attribute2\":\"value6\"}","-----BEGIN CERTIFICATE REQUEST-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3Jkl9...\n-----END CERTIFICATE REQUEST-----"