Choose keypair generation method
DigiCert® IoT Trust Manager supports client-side and server-side keypair generation for batch enrollment jobs and individual certificate requests. The configuration of your enrollment profile determines which keypair generation methods are available when creating a batch job.
Client-side keypair generation
With client-side keypair generation, you create a private key and certificate signing request (CSR) for each enrollment in the batch. You provide the CSR data when you start the batch enrollment job.
Server-side keypair generation
With server-side keypair generation, DigiCert® IoT Trust Manager generates and encrypts the private key for each enrollment. When the batch job is completed, you download the encrypted private keys and the issued certificates together.