Issued Request Alert Operations

An issued certificate request alert is designed to send an email notification to a certificate requester when a certificate request he or she made using a certificate templateClosed A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. that required manager approval is approved.

Issued Request Alert operations include: creating, editing or deleting an issued request alerts, configuring an alert schedule, and copying alerts to create similar alerts for different recipients or collections.

The issued alert handler runs immediately when an enrollmentClosed Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). is approved within the Keyfactor Command platform and also runs via a schedule to pick up any approvals done outside of Keyfactor Command.

Refer to the following table for a complete list of the substitutable special text that can be used to customize alert messages.

Table 11: Substitutable Special Text for Issued Certificate Alerts

Variable

Name

Description

{dnldlink}

Download Link

Link pointing to the Certificate Requests page in the Keyfactor Command Management Portal where the certificate requester or the person responsible for installing the certificate can go to download the certificate. The certificate will be available only in a .cer/.crt format (without the private key) unless private key retention has been enabled on the template (see Certificate Templates).

{certemail}

Email Address in Certificate

Email address contained in the certificate, if present

{cn}

Common Name

Common name contained in the certificate

{dn}

Distinguished Name

Distinguished name contained in the certificate

{certnotbefore}

Issue Date

Validity date of the certificate

{certnotafter}

Expiration Date

Expiration date of the certificate

{issuerDN}

Issuer DN

Distinguished name of the certificate’s issuer

{principal:mail}

Principal’s Email

Email address retrieved from Active Directory of the user whose UPN is contained in the SAN field of the certificate, if present

{principal:givenname}

Principal’s First Name

First name retrieved from Active Directory of the user whose UPN is contained in the SAN field of the certificate, if present

{principal:sn}

Principal’s Last Name

Last name retrieved from Active Directory of the user whose UPN is contained in the SAN field of the certificate, if present

{principal:displayname}

Principal’s Display Name

Display name retrieved from Active Directory of the user whose UPN is contained in the SAN field of the certificate, if present

{requester}

Requester

The user account that requested the certificate from the CA, in the form DOMAIN\username

{requester:mail}

Requester’s Email

Email address retrieved from Active Directory of the user account that requested the certificate from the CA, if present

{requester:givenname}

Requester’s First Name

First name retrieved from Active Directory of the user account that requested the certificate from the CA, if present

{requester:sn}

Requester’s Last Name

Last name retrieved from Active Directory of the user account that requested the certificate from the CA, if present

{requester:displayname}

Requester’s Display Name

Display name retrieved from Active Directory of the user account that requested the certificate from the CA, if present

{careqid}

Issuing CA / Request ID

A string containing the Issuing CA name and the certificate’s Request ID from the CA

{serial}

Serial Number

The serial number of the certificate

{san}

Subject Alternative Name

Subject alternative name(s) contained in the certificate

{template}

Template Name

Name of the certificate template used to create the certificate

{templateshortname}

Template Short Name

Short name (often the name with no spaces) of the certificate template used to create the certificate request

{thumbprint}

Thumbprint

The thumbprint (hash) of the certificate

{upn}

User Principal Name

The user principal name (UPN) contained in the subject alternative name (SAN) field of the certificate, if present (e.g. username@keyexample.com)

{metadata:Email-Contact}

Email-Contact

Example of a custom metadata field

{requester:field}

String Value from AD

Locates the object in Active Directory identified by the user or computer account that requested the certificate from the CA, and substitutes the contents of the attribute named by "field". For example, for users:

  • {requester:department}
  • {requester:sAMAccountName}

For computers:

  • {requester:operatingSystem}
  • {requester:location}
  • {requester:managedBy}
Note:  This substitutable special text field is partially user defined—you pick the field out of AD to include—and is therefore not available in the Insert special text dropdown; it needs to be typed manually.