Skip to main content

Request batch certificates for managed devices

To perform this action, you must have a user role that contains the Device administrator permission.

Use this workflow to request a batch of certificates for multiple managed devices in a single operation. Each certificate will be associated with a device record in Device Trust Manager, allowing you to register and manage devices at scale.

This is intended for organizations that need full device management capabilities across large device fleets, such as:

  • Bulk onboarding of devices into a central inventory

  • Managing device lifecycles at scale

  • Issuing bootstrap certificates during manufacturing or provisioning

  • Issuing operational certificates for ongoing device authentication

  • Enabling automated certificate renewal, secure firmware updates, and device monitoring

When you request a batch of certificates for multiple managed devices, Device Trust Manager issues the certificates and creates or associates device records for each device in the batch.

참고

Requesting a batch of certificates for multiple managed devices consume an Advanced license.

Before you begin

  • Make sure your account has the Device administrator permission.

  • Also verify that your Solution Administrator has already completed the following setup tasks:

    • Created a device group

    • Created a certificate management policy

    • While creating the certificate management policy, you have selected the following options:

      • Under the Select the certificate management model, Policy will be used for secure device lifecycle management. Requires an Advanced license.

      • Under the Certificate management methods, Batch certificate request through portal and REST API.

    • Prepared a CSV file containing device information, such as Device name, Description, and Subject Common Name (CN).

  1. In the Device Trust Manager menu, go to Jobs.

  2. Select New job > Unmanaged devices.

  3. On the Batch certificate request page, select Request batch of certificate for > Managed devices.

  4. Under the General settings section, provide a name for the batch job, and optionally, a Job description.

  5. From the Device group list, select the device group that contains the devices.

  6. Select Next.

  7. Under the Certificate request options, select the Certificate management policy associated with the device group.

  8. On the Key generation type step, choose one of the available options:

    1. I have generated the key pairs and will provide CSRs or public keys in this batch request.

      • Choose this option if you already have the key pairs. You must upload a CSV file or a ZIP file containing the device data.

      • If needed, download the provided template to ensure the file is formatted correctly.

      작은 정보

      Key generation type behavior

      The Key generation type option is dynamically displayed based on the selected Device group and the associated Certificate management policy. Only the key generation methods that are supported by the chosen combination are presented to you.

    2. Key pairs will be generated as part of the batch job, and the private keys and certificates will be included in the batch response.

      1. From the Private key encryption in batch response step, perform one of the following:

        • Select Encrypt using an authentication certificate from my Account Manager user profile - chose an appropriate certificate from the list.

        • Select Provide a certificate for encryption - provide your own certificate.

        • Select Generate a new certificate within your profile - specify the reqired fields and generate a new certificate profile.

  9. Select Next.

  10. On the Batch request options page, choose one of the available options to submit the device and certificate identity:

    1. Upload a zipped archive with CSRs.

      Upload a ZIP file with individual CSR files.

    2. Upload a CSV containing certificate information.

      Upload a CSV file with CSRs and required fields.

  11. Optionally, add email addresses to receive notifications when the batch request is completed.

  12. If necessary, select the Allow users without a login to this portal to download the batch file checkbox.

  13. If necessary, select the Require passcode to download the batch file checkbox.

  14. Select Submit batch job request to begin the batch certificate request.

이 섹션의 내용: