Skip to content

Requesting and viewing a certificate

You can easily request, download, and view a requested certificate using TLS Protect Cloud.


Be sure that the prerequisite steps have been completed before you start.


You can only submit certificate requests for applications where you are listed as an owner. Also, the application must have at least one certificate issuing template assigned to it.

If either of these are not met, edit the application before proceeding.

To request a certificate

  1. In the menu bar, click New > Certificate Request.


    In the menu bar, click Applications. Click the more action icon image of the vertical ellipses icon on the certificate row, and then click Request Certificate.

  2. From the Application dropdown, choose the application that this request is for. This drop-down is already pre-selected if you started the request from an Application.

    Why don't I see the application I'm looking for?

    Only applications that meet the criteria listed in the note above will show up. Make sure the application meets those criteria.

  3. Select which Issuing Template you want to use for this request. When you select a template, the details of that template show in the Policy column on the right.

  4. (Optional) Select or create one or more tags to be added to this certificate. These tags will be associated with the certificate in TLS Protect Cloud after the certificate is issued.

    What are tags?

    In TLS Protect Cloud, tags are user-defined keys or key:value pairs that can be assigned to certificates. Tags allow you to add customized meta information to certificates beyond just the certificate properties. This gives you more insight and control in managing your certificate inventory, and it provides the ability for 3rd party integrations to act based on the presence or absence of tags.

  5. Click Continue.

  6. Select the Request method you want to use. If one of the buttons is grayed out, the PKI Administrator has disabled that option in the issuing template.

    Complete the fields. Depending on the issuing template, some fields may be pre-populated and others may be locked.

    For fields that you can edit, make sure that they conform to the guidelines in the Policy column on the right.

    After you've completed the fields, click Submit Request.

    Select a Validity period, paste the CSR into the CSR Upload field.

    If you need to add additional DNS SANs to the CSR you uploaded, choose the Yes, add DNS SANs to CSR option, then provide the additional SANs entries.

    When you are done, click Submit Request.

  7. Click Finish.

The request is now sent to the CA specified on the issuing template.

Certificate request timeouts

Certificate requests placed through DigiCert expire in 7 days. Requests placed through GlobalSign MSSL expire in 24 hours. Requests through all other CAs expire in 30 minutes.

View the certificate request

  1. In the menu bar, click Inventory > Certificate Requests. By default, the most recent request should be at the top of the list.

  2. If there are default filters set, click Clear.

  3. Click Filter and then enter a piece of information you know about the certificate (for example, its domain name or owner).

  4. Click Apply.

    The list changes to display certificates with the criteria you specified.

  5. Click a certificate's tile to see its details.