Configure the client certificate approval process

Before you begin

By default, the client certificate issuance process doesn't require administrator approval. However, you can configure this process to include an approval step.

Once this step is activated, an administrator must approve client certificate orders before the Email Validation for DigiCert "Client Certificate" email is sent (step 3 in the process below).

What does the client certificate issuance process look like with an approval step?

  1. The user orders a client certificate.
  2. The user provides an email address and CSR, then submits the order.
  3. The administrator approves the client certificate order.
  4. DigiCert verifies that the user has control of the email address.
  5. DigiCert then sends an email to the user so they can generate their client certificate.
  6. The email recipient generates their client certificate in one of the supported browsers. See Generate your Personal ID certificate.

If you are using SAML, turning on the client certificate approval feature will interrupt the SAML certificate enrollment process.

Configure the client certificate approval step

  1. In your CertCentral account, in the sidebar menu, click Settings > Preferences.

  2. On the Division Preferences page, scroll to the bottom of the page and expand Advance Settings.

  3. In the Certificate Requests section, under Client Certificate Approval, check Client certificate requests must be approved before they will be issued.

  4. Click Save Settings.