Skip to content

Request certificates

You can manually request certificates in Zero Touch PKI to test the system or address one-off scenarios (for example, when a server's certificate is about to expire and you can't issue a replacement automatically).

Prerequisites

  • A user role with permissions to request certificates (Account Admin, Organization Admin, or Requestor).
  • A certificate signing request (CSR) from the system where you'll install the certificate.

To request a certificate

  1. Sign in to Zero Touch PKI.
  2. Click Request.
  3. Select an account.
  4. Select an organization.

  5. Select a certificate policy.

    Requesting a certificate

  6. In Paste CSR, paste a certificate signing request.

  7. Click Parse CSR.

  8. In Complete Certificate Request, enter or confirm pre-populated fields based on the policy. Not all fields appear for all policies.

    • Validity: Certificate lifetime. Editable only if the policy allows it.
    • Details: Certificate Common Name (CN), Organization (O), Country (C), and expiry emails.
    • Subject Alt DNS Name: Comma-separated hostnames the certificate must cover (for example, yourcompany.com, www.yourcompany.com).
    • Subject Alt IP Address: Comma-separated IPv4/IPv6 addresses the certificate must cover (for example, 10.0.0.10, 2001:db8::1).

  9. Click Issue Certificate. Zero Touch PKI issues the certificate. The Certificate Details page appears. On this page, you can download the certificate to manually install it.