Prepare enrollment data
This section provides instructions to help you prepare the data required to create a batch enrollment job in DigiCert® IoT Trust Manager.
When you start a batch job, you provide enrollment data for each certificate you need. You format this data according to the requirements of your chosen keypair generation method:
Client-side keypair generation (you provide the CSRs in your request)
Server-side keypair generation (DigiCert® IoT Trust Manager generates keypairs for you)
Client-side keypair generation
For batch jobs using client-side keypair generation, you provide a CSR for each certificate request in the batch job. Prepare your CSRs using one of these formats:
Upload compressed CSR files for each enrollment in the batch job. See CSR requirements.
Upload a compressed CSV file with CSRs and other information for each enrollment in the batch job. See CSV requirements.
With client-side keypair generation, there is no limit on the number of enrollments you can request. However, you cannot upload a file larger than 200 MB.
To create a batch enrollment job from a collection of CSRs, prepare a PEM-encoded CSR for each certificate you want to request.
When your CSRs are ready, compress them to a ZIP archive and start the batch job.
To create a batch enrollment job from a CSV file, submit a CSV file with the following format:
The header row includes a csr column along with columns for each required certificate field.
Tip
Use the DigiCert® IoT Trust Manager API to download a CSV template with certificate fields for a given enrollment profile.
Each row beneath the header has details for a single certificate request.
After you format the CSV file, you can upload it as-is, or you can compress it into a ZIP file. There is no limit on the number of certificates you can request in a batch job, but the file you upload must not exceed 200 MB.
When your CSV file is ready, you can start the batch job.
The following example shows the CSV format for a batch job to issue five certificates using client-side keypair generation. For this example, the required certificate fields are:
Common name (subject.common_name)
Organization name (subject.organization_name)
SAN DNS (san.dns_name)
"subject.common_name","subject.organization_name","subject.organization_unit","san.dns_name","csr"
"Example01","DigiCert","IoT","example-01.com","-----BEGIN CERTIFICATE REQUEST-----MIICYz...-----END CERTIFICATE REQUEST-----"
"Example02","DigiCert","IoT","example-02.com","-----BEGIN CERTIFICATE REQUEST-----MIICYz...-----END CERTIFICATE REQUEST-----"
"Example03","DigiCert","IoT","example-03.com","-----BEGIN CERTIFICATE REQUEST-----MIICYz...-----END CERTIFICATE REQUEST-----"
"Example04","DigiCert","IoT","example-04.com","-----BEGIN CERTIFICATE REQUEST-----MIICYz...-----END CERTIFICATE REQUEST-----"
"Example05","DigiCert","IoT","example-05.com","-----BEGIN CERTIFICATE REQUEST-----MIICYz...-----END CERTIFICATE REQUEST-----"
Server-side keypair generation
To start a batch enrollment job using server-side keypair generation, you must submit a request that includes:
Information about each enrollment in the batch job. DigiCert® IoT Trust Manager supports two ways to submit enrollment details:
Upload compressed CSV file
Upload a compressed CSV file with information about each enrollment in the batch job. See CSV requirements.
Use media access control (MAC) addresses
Get certificates for a series of MAC addresses. See MAC address requirements.
A PEM-encoded authentication certificate or PGP public key for encrypting the private keys and issued certificates.
To submit your certificate or PGP key, use the certificate field in the body of your request to start the batch job. The certificate field contains a string with your base64-encoded encryption certificate or PGP key.
Tip
For example requests that include encryption certificate data, see Start the batch job.
For examples that demonstrate how to decode and decrypt your issued certificates from the command line, see Download certificates.
To create a batch enrollment job from a CSV file, submit a CSV file with the following format:
The header row includes a column for each required certificate field.
Tip
Use the DigiCert® IoT Trust Manager API to download a CSV template with certificate fields for a given enrollment profile.
Each row beneath the header has details for a single certificate request.
After you format the CSV file, you can upload it as-is, or you can compress it into a ZIP file. There is no limit on the number of certificates you can request in a batch job, but the file you upload must not exceed 200 MB.
When your CSV file is ready, you can start the batch job.
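The following pre-upload check covers the CSV requirements described for both client-side and server-side keypair generation. It is an added example, not DigiCert code: the function name check_batch_csv, the sample rows, and the reading of 200 MB as decimal megabytes are assumptions made for illustration.

```python
import csv
import io

MAX_UPLOAD_BYTES = 200 * 1000 * 1000  # 200 MB limit; decimal megabytes assumed
PEM_BEGIN = "-----BEGIN CERTIFICATE REQUEST-----"
PEM_END = "-----END CERTIFICATE REQUEST-----"

# Constructed sample: row 3 has an empty SAN and a CSR without PEM markers.
SAMPLE = (
    '"subject.common_name","subject.organization_name","san.dns_name","csr"\n'
    f'"Example01","DigiCert","example-01.com","{PEM_BEGIN}MIICYz...{PEM_END}"\n'
    '"Example02","DigiCert","","MIICYz..."\n'
).encode("utf-8")
REQUIRED = ["subject.common_name", "subject.organization_name", "san.dns_name"]


def check_batch_csv(data, required_fields, client_side):
    """Return a list of problems in a batch enrollment CSV; empty means none found."""
    problems = []
    if len(data) > MAX_UPLOAD_BYTES:
        problems.append(f"file is {len(data)} bytes, over the 200 MB limit")
    # utf-8-sig drops a byte order mark that would otherwise corrupt the first header name.
    reader = csv.reader(io.StringIO(data.decode("utf-8-sig"), newline=""))
    header = next(reader, None)
    if header is None:
        return problems + ["file is empty"]
    # Client-side jobs need a csr column in addition to the profile's fields.
    needed = list(required_fields) + (["csr"] if client_side else [])
    missing = [name for name in needed if name not in header]
    if missing:
        return problems + ["header is missing columns: " + ", ".join(missing)]
    for row_no, row in enumerate(reader, start=2):
        if len(row) != len(header):
            problems.append(f"row {row_no}: {len(row)} cells, header has {len(header)}")
            continue
        record = dict(zip(header, row))
        for name in required_fields:
            if not record[name].strip():
                problems.append(f"row {row_no}: empty value for {name}")
        if client_side:
            csr = record["csr"].strip()
            if not (csr.startswith(PEM_BEGIN) and csr.endswith(PEM_END)):
                problems.append(f"row {row_no}: csr cell is not a PEM CSR")
    return problems


if __name__ == "__main__":
    for problem in check_batch_csv(SAMPLE, REQUIRED, client_side=True):
        print(problem)
```

The check only looks at structure; it does not parse the CSR or verify its signature.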
This example shows how to format a CSV file for a batch job to issue five certificates using server-side keypair generation. For this example, the required certificate fields are:
Common name (subject.common_name)
Organization name (subject.organization_name)
SAN DNS (san.dns_name)
"subject.common_name","subject.organization_name","subject.organization_unit","san.dns_name"
"Example01","DigiCert","IoT","example-01.com"
"Example02","DigiCert","IoT","example-02.com"
"Example03","DigiCert","IoT","example-03.com"
"Example04","DigiCert","IoT","example-04.com"
"Example05","DigiCert","IoT","example-05.com"
To create a batch enrollment job using MAC addresses, provide the following pieces of information:
Starting MAC address, formatted as XX:XX:XX:XX:XX:XX or XX-XX-XX-XX-XX-XX.
Number of certificates to request (500,000 maximum).
Number by which to increment the MAC address for each sequential enrollment.
Each MAC address in the sequence is the common name for an issued certificate. For example, if the data for your MAC address sequence looks like this:
Starting MAC address: 00:1a:c2:7b:00
Number of certificates: 5
Number by which to increment: 10
Then the batch job issues five certificates with these common name values:
00-1a-c2-7b-00-00
00-1a-c2-7b-00-0a
00-1a-c2-7b-00-14
00-1a-c2-7b-00-1e
00-1a-c2-7b-00-28
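To preview the common names a MAC address sequence will produce before you submit it, the following added example (not DigiCert code) computes them locally. It assumes a six-octet start of 00:1a:c2:7b:00:00, matching the first common name listed above; the names mac_common_names and stays_in_oui, the lowercase hyphenated output, and the rejection of non-positive increments and of sequences that run past the 48-bit range are assumptions of this sketch.

```python
import re

MAX_CERTS = 500_000        # per-job maximum stated on the page
MAX_MAC = 0xFFFFFFFFFFFF   # largest 48-bit address
# Six hex octets joined by one consistent separator, ":" or "-".
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}")


def mac_common_names(start, count, step):
    """Return the common names a MAC-address batch job would cover, in order."""
    if not MAC_RE.fullmatch(start):
        raise ValueError("start must be XX:XX:XX:XX:XX:XX or XX-XX-XX-XX-XX-XX")
    if not 1 <= count <= MAX_CERTS:
        raise ValueError("count must be between 1 and 500,000")
    if step < 1:
        # Assumption: the increment is a positive integer.
        raise ValueError("increment must be a positive integer")
    first = int(re.sub("[:-]", "", start), 16)
    last = first + (count - 1) * step
    if last > MAX_MAC:
        # Assumption: running past the 48-bit space is an error, not a wrap.
        raise ValueError("sequence runs past ff-ff-ff-ff-ff-ff")
    names = []
    for value in range(first, last + 1, step):
        digits = f"{value:012x}"
        names.append("-".join(digits[i:i + 2] for i in range(0, 12, 2)))
    return names


def stays_in_oui(names):
    """True if the sequence keeps the first three octets (vendor prefix) of its start."""
    # The sequence only increases, so comparing the first and last name is enough.
    return names[0][:8] == names[-1][:8]


if __name__ == "__main__":
    preview = mac_common_names("00:1a:c2:7b:00:00", 5, 10)
    print("\n".join(preview))
    print("stays within starting OUI:", stays_in_oui(preview))
```

The vendor-prefix check is a local sanity check added here, not a requirement stated by DigiCert.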
Download a CSV template for batch enrollment jobs
If you are using a CSV file to provide enrollment data for the batch job, you can download a CSV template for your enrollment profile from DigiCert® IoT Trust Manager. The template includes column headers for each certificate field used in the enrollment profile. To create a batch job, populate the template with your enrollment data, and include the CSV file in your request to start a batch job.
To download the CSV template for an enrollment profile, submit a GET request to the following endpoint:
{{base_url}}/iot/api/v1/enrollment-profile/{{enrollment_profile_id}}/batch-enroll-csv-template
A successful request returns an HTTP response status code of 200 OK, with a Content-Type header of text/csv.
For example: