Pending Request Alert Operations

Pending certificate request alerts are designed to send an email notification to certificate approvers when a certificate request is received that requires approval based on policy on the CAClosed A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.. Pending request alerts can also be sent to the original certificate requesters alerting them that their certificate requests have been sent.

Important:  These alerts are not used to provide email alerts or run event handlers for certificate requests that require approval based on policies configured in Keyfactor Command workflows. Pending request notification for requests handled by Keyfactor Command workflowClosed A workflow is a series of steps necessary to complete a process. In the context of Keyfactor Command, it refers to the workflow builder, which allows you automate event-driven tasks when a certificate is requested or revoked. are configured within the workflow (see Adding or Modifying a Workflow Definition).

Pending Request Alert operations include:

  • Creating, editing or deleting a pending alert

  • Configuring an alert schedule

  • Copying alerts to create similar alerts for different recipients or situations

  • Testing alerts

Refer to the following table for a complete list of the substitutable special text that can be used to customize alert messages.

Table 10: Substitutable Special Text for Pending Request Alerts

Variable

Name

Description

{apprlink}

Approval Link

Link pointing to the certificate-specific approval page in the Management Portal where the person responsible for approving the request can go to approve or deny the request

{reqid}

CMS Request Id

The request ID for the certificate as stored in the Keyfactor Command database. This is not the same as the request ID issued by the CA.

{rcn}

Requested Common Name

Common name contained in the certificate request

{rdn}

Requested Distinguished Name

Distinguished name contained in the certificate request

{requester}

Requester

The user account that requested the certificate from the CA, in the form "DOMAIN\username"

{requester:mail}

Requester’s Email

Email address retrieved from Active Directory of the user account that requested the certificate from the CA, if present

{requester:givenname}

Requester’s First Name

First name retrieved from Active Directory of the user account that requested the certificate from the CA, if present

{requester:sn}

Requester’s Last Name

Last name retrieved from Active Directory of the user account that requested the certificate from the CA, if present

{requester:displayname}

Requester's Display Name

Display name retrieved from Active Directory of the user account that requested the certificate from the CA, if present

{careqid}

Issuing CA / Request ID

A string containing the Issuing CA name and the certificate’s Request ID from the CA

{san}

Subject Alternative NameClosed The subject alternative name (SAN) is an extension to the X.509 specification that allows you to specify additional values when enrolling for a digital certificate. A variety of SAN formats are supported, with DNS name being the most common.

Subject alternative name(s) contained in the certificate request. There are four possible sources for the SANs that appear here:

{subdate}

Submission Date

Date the certificate request was submitted

{template}

Template Name

Name of the certificate template used to create the certificate request

{templateshortname}

Template Short Name

Short name (often the name with no spaces) of the certificate template used to create the certificate request

{metadata: Email-Contact}

Email-Contact

Example of a custom metadata field

{requester:field}

String Value from AD

Locates the object in Active Directory identified by the user or computer account that requested the certificate from the CA, and substitutes the contents of the attribute named by "field". For example, for users:

  • {requester:department}
  • {requester:sAMAccountName}

For computers:

  • {requester:operatingSystem}
  • {requester:location}
  • {requester:managedBy}
Note:  This substitutable special text field is partially user defined—you pick the field out of AD to include—and is therefore not available in the Insert special text dropdown; it needs to be typed manually.