Test a certificate request, approval, and issuance

3min
This section shows you how to initiate a certificate request in Venafi TPP through the Futurex Adaptable CA driver, approve the request on the KMES, and view the issued certificate in Venafi TPP.
Request a certificate in Venafi TPP
To initiate a certificate request in Venafi TPP, perform the following steps:
1
Log in to Venafi Trust Protection Platform.
2
Select Inventory > Certificates in the main menu.
3
Select [ Create a New Certificate ] in the upper-right corner of the page.
4
In the Certificate Folder drop-down menu, select the certificate policy you created, and specify the required values in the fields that populate. 
You must select Enrollment for the Management Type.
You can use various formats to specify the certificate Validitity Period, such as 1 year, 1y, 2 years, 2y, 1mo, 3 weeks, 1 week, 1 weeks, 10d, 10 days, and so on.
Select [ Next ] when finished.
5
In the CSR Generation drop-down menu select Generate a CSR for me, specify the necessary values for the CSR, and select [ Next ] when finished.
6
Specify any additional information you want to include in the request, such as Subject Alternate Names (DNS). 
Specify the Subject Alternate Names (SANs) you specify in URI format.
Then, select [ Create Certificate ]. 
You should see a message stating that the certificate request has been submitted.
If you configured the dual user roles option to separate certificate requesting and certificate approval responsibilities, you might see the following message after submitting the certificate request. This is expected behavior.
Text
An Error Occured
Failed to approve request with error: Command failed: FAILED TO UPDATE X509 REQUESTS: UPLOADER CANT APPROVE OWN UPLOAD
An Error Occured
Failed to approve request with error: Command failed: FAILED TO UPDATE X509 REQUESTS: UPLOADER CANT APPROVE OWN UPLOAD
﻿
Approve the certificate request on the KMES
To approve the certificate request on the KMES, perform the following steps:
1
Log in to the KMES Series 3 application interface with the default Admin identities.
2
Go to Administration > Signing Workflow. 
You should see the certificate signing request inside your Venafi Adaptable CA approval group.
3
Right-click the pending certificate request and select [ Approve ]. 
When notified the new status of the certificate request is Approved. Select [ OK ].
The Signing Workflow menu shows the status of the certificate as Signed.
View the issued certificate in Venafi TPP
To view the KMES-issued certificate in Venafi TPP, perform the following steps:
1
Log in to the Venafi Trust Protection Platform.
2
Select Policy Tree in the main menu.
3
Expand the policy you created and select the relevant certificate request.
4
If you configured the dual user roles option to separate certificate requesting and certificate approval responsibilities, you should see the following certificate status:
Text
Failed to approve request with error: Command failed: FAILED TO UPDATE X509 REQUESTS: UPLOADER CANT APPROVE OWN UPLOAD
Failed to approve request with error: Command failed: FAILED TO UPDATE X509 REQUESTS: UPLOADER CANT APPROVE OWN UPLOAD
﻿
5
Select [ Retry ] to retry the request from the current stage. You should see the following message after doing so:
Text
Queued for retry of current stage
Queued for retry of current stage
﻿
6
Select [ Refresh ] after a few seconds and the certificate status should change to: OK.
﻿
﻿
Updated 26 Feb 2024
Did this page help you?
Configure Venafi TPP to use the Futurex Adaptable CA driver
Appendix: Common errors