Skip to main content
This section shows you how to initiate a certificate request in Venafi TPP through the Futurex Adaptable CA driver, approve the request on the KMES, and view the issued certificate in Venafi TPP.

Request a certificate

Perform the following steps to initiate a certificate request in Venafi TPP:
1
Log in to Venafi Trust Protection Platform.
2
Select Inventory > Certificates in the main menu.
3
Select [ Create a New Certificate ] in the upper-right corner of the page.
4
In the Certificate Folder drop-down menu, select the certificate policy you created and specify the required values in the fields that populate.You must select Enrollment for the Management Type.You can use various formats to specify the certificate Validitity Period, such as 1 year, 1y, 2 years, 2y, 1mo, 3 weeks, 1 week, 1 weeks, 10d, 10 days, and so on.Select [ Next ] when finished.
5
In the CSR Generation drop-down menu, select Generate a CSR for me, specify the necessary values for the CSR, and select [ Next ] when finished.
6
Specify any additional information you want to include in the request, such as Subject Alternate Names (DNS).Specify the Subject Alternate Names (SANs) you specify in URI format.Then, select [ Create Certificate ].
You should see a message stating that the certificate request has been submitted.
If you configured the dual user roles option to separate certificate requesting and certificate approval responsibilities, you might see the following message after submitting the certificate request. This is expected behavior.
None
An Error Occured
Failed to approve request with error: Command failed: 
FAILED TO UPDATE X509 REQUESTS: UPLOADER CANT APPROVE OWN 
UPLOAD

Approve the certificate request on the KMES

Perform the following steps to approve the certificate request on the KMES:
1
Log in to the KMES Series 3 application interface with the default Admin identities.
2
Go to Administration > Signing Workflow.
You should see the certificate signing request inside your Venafi Adaptable CA approval group.
3
Right-click the pending certificate request and select [ Approve ].When notified that the new status of the certificate request is Approved, select [ OK ].
The Signing Workflow menu shows the status of the certificate as Signed.

View the issued certificate in Venafi TPP

Perform the following steps to view the KMES-issued certificate in Venafi TPP:
1
Log in to the Venafi Trust Protection Platform.
2
Select Policy Tree in the main menu.
3
Expand the policy you created and select the relevant certificate request.
4
If you configured the dual user roles option to separate certificate requesting and certificate approval responsibilities, you should see the following certificate status:
None
Failed to approve request with error: Command failed: FAILED TO UPDATE X509 REQUESTS: UPLOADER CANT APPROVE OWN UPLOAD
5
Select [ Retry ] to retry the request from the current stage. You should see the following message after doing so:
None
Queued for retry of current stage
6
Select [ Refresh ] after a few seconds, and the certificate status should change to OK.