This section lists down all the certificate requests pertaining to a Desktop Signing user. 


Once you have created a Desktop Signing account, follow these steps to create a certificate request:


CSP Profile

CSP Profile with CAA Records


CSP Profile

  1. You can create a certificate request, using  icon on top right.



  1. Select the certificate type from the drop down, the key store will be auto-filled and disabled. Select validity period. as displayed below:



  1. Click the "Create" button. The Subject Distinguished Name (SDN) screen will appear. Enter the Common Name and click next.  



The Certificate Validity screen will appear. Click "Generate".



The download message will appear, where you can either download certificate with or without PFX. 



All the certificate requests related to the Desktop Signing user will be listed here. 


CSP Profile with CAA Records


On the web portal, navigate to the Certificate Center from the left menu pane and then click "Certificate Requests". Then click to create a new certificate request.



Select the Certificate Type from the drop down, the Key Store and Validity Period will be auto-filled and disabled as displayed below:



Click the "Create" button. The Subject Distinguished Name (SDN) screen will appear. Enter the Common Name, Email, Locality, State and country. Then click next.  



On the Subject Alternative Name (SAN) screen. Select the Domain Names (DNS) that are configured in the enterprise from the drop down, enter IP address and Email address. Scroll down to Other Name, enter OID and Value, then click next. 



The Certificate Validity screen will appear in a disabled form. Click next. 



The Domain Ownership Verification screen will appear with the status as unverified. Click Verify.



Once verified, the status will appear Verified as displayed. Click Generate.



The Certificate Generated confirmation message will appear, as displayed below:



Second Factor Authentication 


If second factor authentication is enabled on certificate requests, the configured authentication mechanism will function accordingly. When a user clicks on the Generate button, the authentication window will appear, and once it accepts the selected method, it will generate a certificate. 


The authentication mechanism can be one of the following:


  • SMS OTP Authentication 
  • Email OTP Authentication 
  • Email & SMS Authentication
  • SAML Authentication 
  • Active Directory Authentication 
  • Azure Active Directory Authentication
  • OIDC Authentication


Request Notes


If an operator has added customized request notes in certificate requests pertaining to a specific enterprise, they will appear in all types of certificates requests i.e. issued, rekey, revoked, renewed and reissued certificate requests. The request notes will appear on the steppers only against which the operator has customised them. 


An operator can configure it from the Enterprise Request Notes section in the admin portal.