Skip to main content

Choose keypair generation method

DigiCert​​®​​ IoT Trust Manager supports client-side and server-side keypair generation for batch enrollment jobs and individual certificate requests. The configuration of your enrollment profile determines which keypair generation methods are available when creating a batch job.

  • Client-side keypair generation

    With client-side keypair generation, you create a private key and certificate signing request (CSR) for each enrollment in the batch. You provide the CSR data when you start the batch enrollment job.

  • Server-side keypair generation

    With server-side keypair generation, DigiCert​​®​​ IoT Trust Manager generates and encrypts the private key for each enrollment. When the batch job is completed, you download the encrypted private keys and the issued certificates together.

In this section: