Actions
Create Certificate
Create a new certificate.
Note: The Certificate Signing Request (CSR)
parameter is required in most cases, read its description for more details.
Parameters
Parameter | Description |
---|---|
Certificate Email | The email address to include in the certificate. Applicable to S/MIME and Document Signing only. Document Signing: * Required field. * Email must match a verified Signer User. S/MIME certificates: * Email address must be included in the Distinguished Name (DN). |
Certificate Expiry Date | The date when the certificate should expire. This value is ignored when the Certificate Lifetime parameter is specified. Note: This parameter is required for subscription license certificates. |
Certificate Lifetime | The lifetime of the certificate specified as an ISO 8601 duration. For example: * P1Y (1 year) * P2Y (2 years) |
Certificate Signing Request (CSR) | The certificate signing request in PEM format, base-64 encoded with or without BEGIN/END labels. A CSR is required for most certificates, unless specified otherwise. Exceptions include: * Document Signing - CSR not needed for CDS_INDIVIDUAL and CDS_GROUP. * S/MIME certificates - Either a CSR or a password is required. * Mark certificates - CSR is optional. * Duplicate certificates - CSR is required, and CN must match original certificate. |
Certificate Transparency Log | Select to submit the certificate to Certificate Transparency logs for better monitoring. When unchecked while the account is set to “always log”, certificate generation will fail. Note: Logging is not available for private SSL and SSL client certificates. |
Certificate Type | The type of certificate to issue. |
Client ID | The client identifier. When omitted: * If Organization parameter is provided - primary client is used (value of 1). * If Organization parameter is not provided - system attempts to match organization from CSR to an approved client. |
Common Name (CN) | The common name for the certificate. Applicable to S/MIME and Document Signing Individual certificates only. Document Signing Individual certificates: * Required field. * CN must be “firstname lastname” of a verified signer. S/MIME certificates: * CN must be either full legal name or email address. |
End User Key Storage Agreement | Select to inform the end user of the requirement to store the private key on cryptographically secure hardware to be compliant with the Entrust CSP and Subscription agreement. Note: This parameter is applicable to Code Signing certificates only. |
Extended Key Usage | The extended key usage for the certificate. Note: This parameter is applicable to all SSL certificate types. |
Given Name | The given name (first name) of the certificate subject. Note: This parameter is applicable to S/MIME certificates only. |
Organization | The organization name for the certificate. When provided, this value is used in the certificate, overriding any organization in CSR. Exception for Private Dedicated SSL (PD_SSL): * When omitted, organization from CSR is used (if available). * If CSR has no specified organization, client organization is used. Important Restrictions: * For most certificate types - this parameter is only valid with Client ID of 1 (primary client). * For PD_SSL certificates - this parameter can be used with any Client ID. * For S/MIME certificates - additional organizations under the primary client cannot be used in this parameter. |
Organizational Unit | The organizational unit (OU) of the certificate. OUs are not supported with the following certificate types: * Public SSL/TLS certificates. * Verified Mark certificates (VMC). * S/MIME Enterprise certificates. For new certificates the Organizational Unit parameter overrides the CSR value. |
Password | The certificate pickup password. Must be at least 8 characters long and include at least one uppercase letter, one lowercase letter, one numeric character, and one special character (!@#$%^&*()). |
Queue For Approval | Select to queue the certificate for approval instead of issuing immediately. Note: This parameter is applicable to SSL and Document Signing certificates only. |
Signing Algorithm | The algorithm used to sign the certificate. Note: Only SHA-2 is supported. |
Subject Alternative Name (SAN) | A comma-separated list of subject alternative name identifiers (SANs) to include in the certificate. This parameter applies only to SSL and VMC certificates. SSL certificates: * When CSR contains neither CN nor SANs, at least one domain must be specified in the SAN parameter. VMC certificates: * This parameter is required and must include at least one domain name. * CN and SAN entries in the CSR are disregarded. Certificate renewal/reissue: * For subscription-based SSL/VMC certificates, domains present in the original certificate cannot be removed during renewal. |
Surname | The surname of the certificate subject. Note: This parameter is applicable to S/MIME certificates only. |
User Principal Name (UPN) | User Principal Name for the certificate subject. Note: This parameter is applicable to SMIME_ENT certificates only. If specified, the value must be a valid email address and its domain must be the approved domain for that client. |
Validate Only | Select to only validate the request without actually issuing the certificate. |
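
The rules in the table for the CSR, Password, Certificate Lifetime and Certificate Expiry Date parameters can be checked locally before a request is submitted. The following is an added example, not code from this action or from Entrust: the `params` keys are hypothetical names, the duration pattern covers date-only durations such as P1Y, and the CSR check is a structural sanity check rather than a full parse.

```python
import base64
import re

SPECIALS = "!@#$%^&*()"                          # special characters in the Password row
NO_CSR_TYPES = {"CDS_INDIVIDUAL", "CDS_GROUP"}   # CSR not needed per the table
CSR_OR_PASSWORD_TYPES = {"SMIME_ENT"}            # only S/MIME identifier on the page
# Date-only ISO 8601 durations such as P1Y or P2Y (assumption: no time part).
DURATION_RE = re.compile(r"P(?=\d)(\d+Y)?(\d+M)?(\d+D)?")


def password_ok(pw):
    return (len(pw) >= 8 and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw) and any(c.isdigit() for c in pw)
            and any(c in SPECIALS for c in pw))


def csr_ok(csr):
    """Accept base64 with or without BEGIN/END labels; require a DER SEQUENCE."""
    body = "".join(re.sub(r"-----(BEGIN|END)[A-Z ]*-----", "", csr).split())
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:
        return False
    return der[:1] == b"\x30"


def preflight(params):
    """Return a list of problems; `params` keys are hypothetical names."""
    problems = []
    ctype, csr, pw = params.get("type", ""), params.get("csr"), params.get("password")
    if ctype in CSR_OR_PASSWORD_TYPES:
        if not csr and not pw:
            problems.append("S/MIME needs either a CSR or a password")
    elif ctype not in NO_CSR_TYPES and not csr:
        problems.append("CSR is required for this certificate type")
    if csr and not csr_ok(csr):
        problems.append("CSR is not valid base64-encoded DER")
    if pw is not None and not password_ok(pw):
        problems.append("password does not meet the pickup password rule")
    lifetime = params.get("lifetime")
    if lifetime is not None and not DURATION_RE.fullmatch(lifetime):
        problems.append("lifetime is not an ISO 8601 duration")
    if lifetime and params.get("expiry"):
        problems.append("expiry date is ignored because lifetime is set")
    return problems


# Constructed sample: a minimal DER SEQUENCE, not a real CSR.
SAMPLE_BODY = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE REQUEST-----\n" + SAMPLE_BODY
              + "\n-----END CERTIFICATE REQUEST-----\n")
```

Types where the CSR is optional (Mark certificates) are treated as "CSR required" here because the page gives no identifier for them.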
Example Output
Workflow Library Example
Create Certificate with Entrust Certificate Services and Send Results Via Email