Request workflow
Each request has the same lifecycle, described by the following figure.

Requester
A requester is someone who is granted the permission to request a certificate (enroll, renew, revoke, update, recover).
Approver
An approver is someone who is granted the permission to approve a request (enroll, renew, revoke, update, recover). An approver cannot approve their own request.
Owner
A request owner is someone who is designated as the beneficiary of the request. The owner can view the request like the requester (in the My requests drawer), but unlike the requester, can also access the certificate information (PKCS#12, challenge password).
The owner is computed according to the following rules:
- enroll, update, migrate: the owner is the one defined in the request template (ownership tab)
- renew: the owner of the request is the owner of the renewed certificate
- recover: the owner is the requester of the recover request
- revoke: no owner is associated with the request

User type | Can view the request | Can view the PKCS#12 | Can view the challenge password |
---|---|---|---|
Requester | Yes | No | No |
Owner | Yes | Yes | Yes |

Any user with the Enroll API / Renew API permission can access the PKCS#12 or the challenge password for the workflow regardless of ownership status.
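
When reviewing who can reach key material for a given request, the owner rules, the visibility table and the API-permission override can be combined into one check. The following is an added example, not product code or the product's API: the `Request` class, the function names and the sample users are hypothetical, and it assumes that the Enroll API permission applies to enroll requests and the Renew API permission to renew requests.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: each API permission covers the workflow of the same name.
API_PERMISSION = {"enroll": "Enroll API", "renew": "Renew API"}

@dataclass
class Request:  # hypothetical model, not a product data structure
    workflow: str                             # enroll, renew, revoke, update, migrate, recover
    requester: str
    template_owner: Optional[str] = None      # from the request template (ownership tab)
    renewed_cert_owner: Optional[str] = None  # owner of the certificate being renewed

def resolve_owner(req: Request) -> Optional[str]:
    """Apply the owner rules listed above."""
    if req.workflow in ("enroll", "update", "migrate"):
        return req.template_owner
    if req.workflow == "renew":
        return req.renewed_cert_owner
    if req.workflow == "recover":
        return req.requester
    if req.workflow == "revoke":
        return None
    raise ValueError(f"unknown workflow: {req.workflow!r}")

def can_approve(req: Request, user: str, approvers: set) -> bool:
    """An approver may never approve a request they submitted."""
    return user in approvers and user != req.requester

def access(req: Request, user: str, permissions=frozenset()) -> dict:
    """What `user` can see: the request itself, and its PKCS#12 / challenge password."""
    owner = resolve_owner(req)
    is_owner = owner is not None and user == owner
    api_override = API_PERMISSION.get(req.workflow) in permissions
    return {
        "view_request": is_owner or user == req.requester,
        "view_secrets": is_owner or api_override,
    }

def secret_readers(req: Request, users: dict) -> list:
    """Audit helper: users (name -> permission set) who can reach key material."""
    return sorted(u for u, perms in users.items() if access(req, u, perms)["view_secrets"])

if __name__ == "__main__":
    req = Request("enroll", requester="alice", template_owner="bob")  # constructed sample
    users = {"alice": set(), "bob": set(), "carol": {"Enroll API"}, "dave": {"Renew API"}}
    print(secret_readers(req, users))
```

Whether an API-permission holder can also view the request itself is not stated on this page, so `view_request` only reflects the requester and owner rows of the table.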