Configure Client certificate approval process

Before you begin

By default, the Client certificate issuance process doesn't require administrator approval, however, you can configure this process to include an approval step. Once this step is activated, an administrator must approve Client certificate orders before the Email Validation for DigiCert "Client Certificate" email is sent (step 3 in the process below).

What does the Client certificate issuance process look like with an approval step?

  • User orders a Client certificate.
  • User provides an email address and CSR, and then submits the order.
  • Administrator approves the Client certificate order.
  • DigiCert verified the user has control of the email address.
  • DigiCert sends an email to the user so they can generate their Client certificate.
  • Email recipient generates their Client certificate in one of the supported browsers. See Generate your Personal ID certificate.

If you are using SAML, turning on the Client certificate approval feature will interrupt the SAML certificate enrollment process.

Configure the Client certificate approval step

  1. In your CertCentral account, in the sidebar menu, click Settings > Preferences.

  2. On the Division Preferences page, scroll to the bottom of the page and expand Advance Settings.

  3. In the Certificate Requests section, under Client Certificate Approval, check Client certificate requests must be approved before they will be issued.

  4. Click Save Settings.