Skip to main content

Choose keypair generation method

DigiCert​​®​​ IoT Trust Manager supports client-side and server-side keypair generation for batch enrollment jobs and individual certificate requests. The configuration of your enrollment profile determines which keypair generation methods are available when creating a batch job.

  • Client-side keypair generation

    With client-side keypair generation, you create a private key and certificate signing request (CSR) for each enrollment in the batch. You provide the CSR data when you start the batch enrollment job.

  • Server-side keypair generation

    With server-side keypair generation, DigiCert​​®​​ IoT Trust Manager generates and encrypts the private key for each enrollment. When the batch job is completed, you download the encrypted private keys and the issued certificates together.