
Request a certificate for managed devices

To perform this action, you must have a user role that contains the Device administrator permission.

Use this workflow to request a certificate for a specific device. This certificate is linked to a device record in Device Trust Manager, allowing you to manage the device throughout its lifecycle.

This workflow is intended for organizations that need full device management capabilities, such as:

  • Tracking devices in a central inventory

  • Managing device lifecycles

  • Issuing bootstrap certificates for onboarding

  • Issuing operational certificates for ongoing device authentication

Note

Requesting a device certificate for managed devices consumes an Advanced license.

Before you begin

  • Make sure your account has the Device administrator permission.

  • Also verify that your Solution Administrator has already completed the following setup tasks:

  1. In the Device Trust Manager menu, go to Certificate management > Certificates.

  2. Select Certificate actions > Request certificate.

  3. From the Certificate request page, select Request certificate for > Managed device.

  4. From the Device group list, select the device group that contains the device.

  5. From the Certificate management policy list, select the policy associated with the device group.

  6. On the Key generation type step, choose one of the available options:

    1. I have the keypair and will provide the CSR or public key in the request:

      • Choose this option if you already have a key pair. You must upload a CSV file or a ZIP file containing the device data.

      • If needed, download the provided template to ensure the file is formatted correctly.

    2. Key pairs will be generated on the server side by this application, and the private key and certificate will be included in response:

      Choose this option if you want Device Trust Manager to generate the key pair for you.

    Tip

    Key generation type behavior

    The Key generation type option is dynamically displayed based on the selected Device group and the associated Certificate management policy. Only the key generation methods that are supported by the chosen combination are presented to you.

  7. Provide a Common name for the certificate.

  8. Optionally, provide an Organization name.

  9. Optionally, select Add Value to add one or more Organizational Unit values.

  10. Optionally, enter a Description.

  11. Select Submit certificate request.
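For the first key generation option in step 6, where the key pair is created outside Device Trust Manager and only the CSR is supplied, the following added example (not DigiCert's code) generates a key and CSR with OpenSSL and checks them before upload. Assumptions: OpenSSL 1.1.1 or later is installed, the P-256 key type is acceptable to your certificate management policy, and the function names and sample subject values are constructed for illustration; packaging the CSR into the CSV or ZIP file follows the downloaded template and is not shown.

```shell
#!/bin/sh
# Added example: create a device key pair and CSR locally, then sanity-check them.
# Assumption: P-256 is allowed by the policy; change the genpkey options if it is not.

# make_device_csr OUTDIR COMMON_NAME ORG OU
# Writes OUTDIR/device.key (owner-only) and OUTDIR/device.csr.
make_device_csr() {
    outdir=$1 cn=$2 org=$3 ou=$4
    mkdir -p "$outdir" || return 1
    (
        umask 077   # the private key file is never group- or world-readable
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
            -out "$outdir/device.key" 2>/dev/null
    ) || return 1
    # Subject fields mirror the Common name, Organization name and
    # Organizational Unit values entered in the request form.
    openssl req -new -key "$outdir/device.key" \
        -subj "/CN=$cn/O=$org/OU=$ou" -out "$outdir/device.csr" || return 1
}

# csr_matches_key CSR KEY
# Succeeds only if the CSR self-signature verifies and the CSR carries
# the public half of KEY (catches uploading a CSR built from another key).
csr_matches_key() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# csr_subject CSR
# Prints the subject so it can be compared with the values typed into the form.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}
```

A typical run is `make_device_csr ./gw-0001 gw-0001 "Example Manufacturing" Gateways` followed by `csr_matches_key ./gw-0001/device.csr ./gw-0001/device.key`; only `device.csr` leaves the machine.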

What happens next

  • The certificate is issued and is associated with the device record.

  • You can download the certificate from Device Trust Manager.

  • If server-side key generation was selected (Key pairs will be generated on the server side by this application, and the private key and certificate will be included in response), the response also includes the generated private key.

Example scenario

A manufacturer needs to issue a bootstrap certificate to a newly produced IoT gateway before deployment. By requesting a certificate for managed devices, the manufacturer can create or associate a device record, issue the certificate, and manage the device throughout its operational lifecycle from a single platform.