Request a certificate for unmanaged devices
To perform this action, you must have a user role that contains the Device administrator permission.
Use this workflow to request a certificate that isn't associated with a device record in Device Trust Manager.
Unlike certificate requests for managed devices, Unmanaged device certificates are issued without creating or referencing a device. This option is designed for organizations that need certificate-based device identities but don't require device inventory, lifecycle management, or device tracking.
This is designed for organizations that only need device identity certificates, such as:
CSA Matter Device Attestation Certificates (DACs)
C2PA claim signing certificates
Manufacturing and provisioning workflows
Device identity certificates that don't require ongoing device management
When you request an Unmanaged device certificate, Device Trust Manager issues only the certificate. No device record is created.
Opmerking
Requesting a certificate for unmanaged devices consume an Essentials license.
Before you begin
Make sure your account has the
Device administratorpermission.Also verify that your
Solution Administratorhas already completed the following setup tasks:Created a certificate management policy
Prepared a CSV file containing device information, such as Device name, Description, and Subject Common Name (CN).
In the Device Trust Manager menu, go to Certificate management > Certificates.
Select Certificate actions > Request certificate.
From the Certificate request page, select Request certificate for > Unmanaged device.
From the Certificate management policy list, select the policy associated with the device group.
On the Key generation type step, choose one of the available options:
I have the keypair and will provide the CSR or public key in the request:
Choose this option if you already have a key pair. You must upload a
CSV fileor aZIP filecontaining the device data.If needed, download the provided template to ensure the file is formatted correctly.
Key pairs will be generated on the server side by this application, and the private key and certificate will be included in response:
Choose this option if you want Device Trust Manager to generate the key pair for you.
Tip
Key generation type behavior
The Key generation type option is dynamically displayed based on the selected Device group and the associated Certificate management policy. Only the key generation methods that are supported by the chosen combination are presented to you.
Provide a Common name for the certificate.
Optionally, provide an Organization name.
Optionally, select Add Value to add one or more Organizational Unit values.
Optionally, enter a Description.
Select Submit certificate request.
What happens next
After the certificate request is successfully processed:
The certificate is issued
No device record is created or associated with the certificate
You can download the certificate from Device Trust Manager
If server-side key generation was selected (Key pairs will be generated on the server side by this application, and the private key and certificate will be included in response),the response also includes the generated private key.
Example scenario
A device manufacturer needs to issue CSA Matter Device Attestation Certificates (DACs) during production. Because the certificates are used only to establish device identity and don't require lifecycle management, certificate requests for unmanaged devices provide a simple way to issue certificates without creating device records.