Skip to main content

CSV format for batch certificate enrollment

Batch certificate enrollment in DigiCert® Device Trust Manager enables you to submit multiple certificate requests in a single job using a CSV file. This reference details the required CSV structure to ensure successful batch processing.

The CSV file used for batch certificate enrollment must contain a header row followed by one or more data rows.

  • Header row: Defines the fields for each certificate request, including:

    • Unique identifier (optional)

    • Certificate attributes

    • Device attribute fields

    • CSR (if required by the certificate management policy)

  • Data rows: Contain the certificate request values for each field defined in the header row. Make sure each value in a data row matches the corresponding header to maintain alignment and proper processing.

CSV header details

Unique identifier (optional)

To uniquely identify each certificate request, include the unique_identifier column in the header row. This helps distinguish output files when certificate values are not unique.

  • Output file naming: If a certificate request includes a unique_identifier, output files are named using that value (e.g., <unique_identifier_value>.pem).

  • Without a unique identifier: The system appends a random value to output file names to avoid duplicates, indicated with a WARNING status in the batch job report.

Certificate attributes

Include headers for the required certificate attributes based on your certificate profile configuration, such as:

  • Subject attributes, such as subject.common_name)

  • SAN (Subject Alternative Name) attributes

  • Extensions

  • Key usage and extended key usage attributes

Let op

If a certificate attribute is specified in both the CSR and the CSV column, the value in the CSV column takes precedence and will be used in the request.

The following table outlines the header cell values, expected data cell value formats, and descriptions for each certificate attribute used in CSV files for batch certificate enrollment.

CSR

If your certificate management policy requires a CSR for generating the device's x.509 bootstrap certificate, include it in the csr column.

CSRs must be in Base-64 encoded PEM format and include the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- tags. Below is an example of a PEM-formatted CSR:

 -----BEGIN CERTIFICATE REQUEST-----
...CSR content...
-----END CERTIFICATE REQUEST-----

Device attributes

Add headers for required device attributes based on your device profile configuration:

  • Use device_identifier for the device ID.

  • For custom device fields, include the unique UUID of each field (for example, 35db4faa-899f-4aff-b0a2-10f73d7b198c).

Tip

To find UUIDs for custom fields, use Device Trust Manager REST API Get enrollment profile specification endpoint:

 GET {base_url}/devicetrustmanager/certificate-configuration-service/api/v1/enrollment-profile/{enrollment_profile_id}/enrollment-specification

Certificate request data rows

Each data row in the CSV represents an individual certificate request, with values corresponding to the header fields.

Opmerking

There is no limit to the number of data rows, but the compressed ZIP file containing your CSV data must not exceed 200 MB.

Example CSV file

 "unique_identifier","subject.common_name","subject.organization_name","subject.organization_unit","san.other_name.hardware_module_name.serial_number","device_identifier","35db4faa-899f-4aff-b0a2-10f73d7b198c","extensions.subject_directory","csr"
"001","common name 01","Organization","Unit1,Unit2","AABBCCDD","Device01","Custom field value","{\"attribute1\":\"value1\",\"attribute2\":\"value2\"}","-----BEGIN CERTIFICATE REQUEST-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1Gkl8...\n-----END CERTIFICATE REQUEST-----"
"002","common name 02","Organization","Unit1,Unit2","AABBCCDD","Device02","Custom field value","{\"attribute1\":\"value3\",\"attribute2\":\"value4\"}","-----BEGIN CERTIFICATE REQUEST-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2Hgl8...\n-----END CERTIFICATE REQUEST-----"
"003","common name 03","Organization","Unit1,Unit2","AABBCCDD","Device03","Custom field value","{\"attribute1\":\"value5\",\"attribute2\":\"value6\"}","-----BEGIN CERTIFICATE REQUEST-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3Jkl9...\n-----END CERTIFICATE REQUEST-----"