Submit certificate batch request with DigiCert ONE-generated keys
DigiCert® IoT Trust Manager supports batch certificate requests—also known as batch jobs—as an efficient means to request and receive hundreds or thousands of certificates for a common enrollment profile. In a batch request, you specify the enrollment profile for the request parameters, upload your certificate field information in a CSV file, and DigiCert® IoT Trust Manager generates your keypairs and certificates based on your uploaded certificate information.
DigiCert ONE delivers your generated keys and certificates in a certificate package encrypted by a client authentication certificate that you provide with the batch request.
Note
DigiCert ONE does not retain the generated keypairs and no other entity has access to the keys.
Batch certificate requests can also be made by generating your keypairs and CSRs and uploading them with your batch request. See Submit batch certificate request with CSRs.
Record your certificate request information in the request template
In DigiCert ONE, in the Manager menu (top right), select IoT Trust.
In the IoT Trust Manager menu, go to Certificates > Batch jobs.
On the Batch jobs page, select Start batch certificate request.
Scroll down to Who generates the keypairs for the certificate requests? and select DigiCert ONE generates the keypairs > I will upload CSV with request info.
Select Download template to get the CSV file for your certificate information.
Fill in all columns for each certificate you are requesting.
Note
If you have questions about the template and required/optional fields, contact your DigiCert ONE IoT admin.
Set up your request with the completed template
Return to DigiCert ONE
In the IoT Trust Manager menu, go to Certificates > Batch jobs.
On the Batch jobs page, select Start batch certificate request.
Enter a Nickname and Description for this request (optional).
Select the Enrollment profile to use for the request.
Select the Certificate download format for the generated certificates.
Select the Certificate chain option for how you want the root and intermediate certificates to be packaged with the generated end entity certificates:
Include root and intermediate certificates only as separate files in the download package.
Also package intermediate certificates with each end entity certificate.
Also package root and intermediate certificates with each end entity certificate.
Enter the email addresses for the users who can pick up and manage the generated end entity certificates.
Tip
Users without a DigiCert account can also pick up and manage the generated certificates. Additionally, a passcode can be applied to the certificate package for non-DigiCert ONE users.
For Who generates the keypairs for the certificate requests?, select I will upload CSV with request info.
Add your CSV file.
Select Start request.
DigiCert® IoT Trust Manager processes the batch request and generates the certificates.
Users specified in the request get an email when the certificate package is ready for download.
Important
Users have 30 days to respond and approve the certificate package before the package expires and is removed from DigiCert ONE. An expired package cannot be recovered.