> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create Certificate

Create a new certificate.

**Note**: The `Certificate Signing Request (CSR)` parameter is required in most cases, read its description for more details.

## Parameters

<div className="integrations-table">
  | Parameter                         | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
  | --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  | Certificate Email                 | The email address to include in the certificate. Applicable to `S/MIME` and `Document Signing` only.<br /><br />**Document Signing**:<br />\* Required field.<br />\* Email must match a verified Signer User.<br /><br />**S/MIME Certificates**:<br />\* Email address must be included in the Distinguished Name (DN).                                                                                                                                                                                                                                                                                                                                                                                              |
  | Certificate Expiry Date           | The date when the certificate should expire. This value is ignored when `Certificate Lifetime` parameter is specified.<br /><br />**Note**: This parameter is required for subscription license certificates.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
  | Certificate Lifetime              | The lifetime of the certificate specified as an ISO 8601 duration.<br /><br />For example:<br />\* `P1Y` (1 year)<br />\* `P2Y` (2 years)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
  | Certificate Signing Request (CSR) | The certificate signing request in PEM format, base-64 encoded with or without BEGIN/END labels.<br /><br />**A CSR is required for most certificates**, unless specified otherwise.<br /><br />**Exceptions include**:<br />\* `Document Signing` - CSR not needed for CDS\_INDIVIDUAL and CDS\_GROUP.<br />\* `S/MIME certificates` - Either CSR or password are required.<br />\* `Mark certificates` - CSR is optional.<br />\* `Duplicate certificates` - CSR is required, and CN must match original certificate.                                                                                                                                                                                                |
  | Certificate Transparency Log      | Select to submit the certificate to Certificate Transparency logs for a better monitoring.<br /><br />When un-checked but account is set to "always log", the certificate generation will fail.<br /><br />**Note**: Logging is not available for `private SSL` and `SSL client` certificates.                                                                                                                                                                                                                                                                                                                                                                                                                         |
  | Certificate Type                  | The type of certificate to issue.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
  | Client ID                         | The client identifier.<br /><br />**When omitted**:<br />\* If `Organization` parameter is provided - primary client is used (value of `1`).<br />\* If `Organization` parameter is not provided - system attempts to match organization from CSR to an approved client.                                                                                                                                                                                                                                                                                                                                                                                                                                               |
  | Common Name (CN)                  | The common name for the certificate. Applicable to `S/MIME` and `Document Signing Individual` certificates only.<br /><br />**Document Signing Individual certificates**:<br />\* Required field.<br />\* CN must be "firstname lastname" of a verified signer.<br /><br />**S/MIME certificates**:<br />\* CN must be either full legal name or email address.                                                                                                                                                                                                                                                                                                                                                        |
  | End User Key Storage Agreement    | Select to inform the end user of the requirement to store the private key on cryptographically secure hardware to be compliant with the Entrust CSP and Subscription agreement.<br /><br />**Note**: This parameter is applicable to `Code Signing` certificates only.                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
  | Extended Key Usage                | The extended key usage for the certificate.<br /><br />**Note**: This parameter is applicable to all `SSL` certificate types.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
  | Given Name                        | The given name (first name) of the certificate subject.<br /><br />**Note**: This parameter is applicable to `S/MIME` certificates only.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
  | Organization                      | The organization name for the certificate.<br /><br />When provided, this value is used in the certificate, overriding any organization in CSR.<br /><br />**Exception for Private Dedicated SSL (PD\_SSL)**:<br />\* When omitted, organization from CSR is used (if available).<br />\* If CSR has no specified organization, client organization is used.<br /><br />**Important Restrictions**:<br />\* For most certificate types - this parameter only valid with `Client ID` of `1` (primary client).<br />\* For PD\_SSL certificates - this parameter can be used with any `Client ID`.<br />\* For S/MIME certificates - additional organizations under the primary client cannot be used in this parameter. |
  | Organizational Unit               | The organizational unit (OU) of the certification.<br /><br />**OUs are not supported with the following certification types**:<br />\* Public SSL/TLS certificates.<br />\* Verified Mark certificates (VMC).<br />\* S/MIME Enterprise certificates.<br /><br />For new certificates the `Organizational Unit` parameter overrides the CSR value.                                                                                                                                                                                                                                                                                                                                                                    |
  | Password                          | The certificate pickup password.<br /><br />Must be at least 8 characters long and include at least one uppercase letter, one lowercase letter, one numeric character, and one special character (!@#\$%^&\*()).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
  | Queue For Approval                | Select to queue the certificate for approval instead of issuing immediately.<br /><br />**Note**: This parameter is applicable to `SSL` and `Document Signing` certificates only.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
  | Signing Algorithm                 | The algorithm used to sign the certificate.<br /><br />**Note**: Only `SHA-2` is supported.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
  | Subject Alternative Name (SAN)    | A comma-separated list of subject alternative name identifiers (SANs) to include in the certificate. This parameter applies only to `SSL` and `VMC` certificates.<br /><br />**SSL certificates**:<br />\* When CSR contains neither CN nor SANs, at least one domain must be specified in the SAN parameter.<br /><br />**VMC certificates**:<br />\* This parameter is required and must include at least one domain name.<br />\* CN and SAN entries in the CSR are disregarded.<br /><br />**Certificate renewal/reissue**:<br />\* For subscription-based SSL/VMC certificates, domains present in the original certificate cannot be removed during renewal.                                                     |
  | Surname                           | The surname of the certificate subject.<br /><br />**Note**: This parameter is applicable to `S/MIME` certificates only.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
  | User Principal Name (UPN)         | User Principal Name for the certificate subject.<br /><br />**Note**: This parameter is applicable to `SMIME_ENT` certificate only. If specified, the value must be a valid email address and its domain must be the approved domain for that client.                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
  | Validate Only                     | Select to only validate the request without actually issuing the certificate.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
</div>

## Example Output

```json theme={"dark"}
{
	"trackingId": 0,
	"endEntityCert": "string",
	"chainCerts": [
		"string"
	],
	"serialNumber": "string",
	"expiresAfter": "2025-04-07T07:26:17.155Z",
	"pickupUrl": "https://www.entrust.net/ssl/certpickup.cfm?id=5555555-0C227220-A9C9-46A9-95B7-E412C4264F5F",
	"pkcs12": "string",
	"vmcHostingDetails": [
		{
			"domain": "example.com",
			"certificateUrl": "https://bimi.entrust.net/example.com/certificatechain.pem",
			"logoUrl": "https://bimi.entrust.net/example.com/logo.svg"
		}
	]
}
```

## Workflow Library Example

[Create Certificate with Entrust Certificate Services and Send Results Via Email](https://library.blinkops.com/workflows/create-certificate-with-entrust-certificate-services-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/create-certificate-with-entrust-certificate-services-and-send-results-via-email/canvas" />
</div>
