Skip to content

Requesting and viewing a certificate

You can easily request, download, and view a requested certificate using TLS Protect Cloud.

Before you begin

Have the following ready before you start:

  • If you plan to use an existing application for this request, make sure you are listed as an owner of that application and that the application has at least one certificate issuing template assigned to it.

  • If you're going to create a new application as part of this request, make sure that a certificate issuing template is in place that meets your requirements.

To request a certificate

  1. Sign in to Venafi Control Plane.
  2. Click Inventory > Certificate Requests.


    In the menu bar, click Applications. Click the more action icon image of the vertical ellipses icon on the certificate row, and then click Request Certificate.

  3. From the Application dropdown, either select an existing application to use for this request, or select Create a new application. This drop-down is already pre-selected if you started the request from an application.

    1. From the Application dropdown, select the application to use for this request.
    2. Select which Issuing Template you want to use for this request.

      When you select a template, the details of that template show in the Issuing Template Policy column on the right. If the application you selected has only one issuing template, that template is preselected.

    1. From the Application dropdown. select Create a new application.
    2. From the Create a new application modal, complete the following fields:
      • Enter an Application Name for your new application.
      • (Optional) Enter a Description, which can be helpful to other users and teams who might need to know the purpose of your application.
      • Select Owners, which can be both individual users or teams. If you're a Resource Owner, you must select either yourself or a team that you're a member of.
      • Select one or more Issuing Templates.

        When you select a template, the details of that template show in the Issuing Template Policy column on the right. If you added just one issuing template to the application, that template is preselected.

  4. (Optional) Select or create one or more tags to be added to this certificate. These tags will be associated with the certificate in TLS Protect Cloud after the certificate is issued.

    What are tags?

    In TLS Protect Cloud, tags are user-defined keys or key:value pairs that can be assigned to certificates. Tags allow you to add customized meta information to certificates beyond just the certificate properties. This gives you more insight and control in managing your certificate inventory, and it provides the ability for 3rd party integrations to act based on the presence or absence of tags.

  5. Click Continue.

  6. Select the Request method you want to use. If one of the buttons is grayed out, the PKI Administrator has disabled that option in the issuing template.

    Complete the fields. Depending on the issuing template, some fields may be pre-populated and others may be locked.

    For fields that you can edit, make sure that they conform to the guidelines in the Policy column on the right.

    After you've completed the fields, click Submit Request.

    Select a Validity period, and then paste the CSR into the CSR Upload field.

    For some CAs, you can either add (inject) additional DNS SANs to the CSR, or you can replace (overwrite) all DNS SANs on the CSR.

    If your CA supports either (or both) of these features, additional options allow you to configure the new SANs. Learn about which CAs support DNS SANs injection or overwrite.

    When you are done, click Submit Request.

  7. Click Finish.

The request is now sent to the CA specified on the issuing template.

Certificate request timeouts

Certificate requests placed through DigiCert expire in 7 days. Requests placed through GlobalSign MSSL expire in 24 hours. Requests through all other CAs expire in 30 minutes.

View the certificate request

  1. Click Inventory > Certificate Requests. By default, the most recent request should be at the top of the list.

  2. If there are default filters set, click Clear.

  3. Click Filter and then enter a piece of information you know about the certificate (for example, its domain name or owner).

  4. Click Apply.

    The list changes to display certificates with the criteria you specified.

  5. Click a certificate's tile to see its details.