Configure the client certificate approval process
By default, the client certificate issuance process does not require administrator approval. Configure the approval step to require an administrator to approve client certificate orders before DigiCert sends the certificate generation email to the recipient.
Before you begin
Client certificate issuance process with the approval step enabled:
Once this step is activated, an administrator must approve client certificate orders before the Email validation for DigiCert "Client Certificate" email is sent (step 3 in the process below).
What does the client certificate issuance process look like with an approval step?
The user orders a client certificate.
The user provides an email address and CSR, then submits the order.
The administrator approves the client certificate order.
DigiCert verifies that the user has control of the email address.
DigiCert then sends an email to the user so they can generate their client certificate.
The email recipient generates their client certificate in one of the supported browsers. See Generate your client certificate.
Important
If SAML is configured on the account, enabling the client certificate approval step interrupts the SAML certificate enrollment process.
Configure the client certificate approval step
In the CertCentral main menu, go to Settings > Preferences.
On the Division Preferences page, expand Advance Settings.
In the Certificate Requests section, under Client Certificate Approval, select Client certificate requests must be approved before they will be issued.
Select Save Settings.
Administrators must now approve client certificate orders before DigiCert sends the generation email. Orders submitted by other users appear on the Requests page pending administrator approval.