To issue certificates, you’ll need an enrollment method configured for your Application.
Certificate Details
Click any certificate to view its details:
Metadata is preserved across renewals and can be used to filter the certificate list.
Actions
From the certificate details page, use the Options menu:Issuing Certificates
Go to the Certificate Requests tab and click Request Certificate. Select a certificate profile and choose a request method:
For automated issuance, configure an enrollment method:
- API — Direct API calls or Infisical Agent
- ACME — Certbot, cert-manager, and ACME clients
- EST — RFC 7030 enrollment
- SCEP — Mobile device management (Jamf, Intune)
Renewal
Server-driven renewal requires API enrollment with Infisical-managed keys. Enable it on the enrollment method or toggle it per-certificate.
Export Formats
Revocation
Revoke a certificate when it’s compromised or no longer needed. Specify a reason code (key compromise, superseded, etc.). Revoked certificates are added to the issuing CA’s CRL. Verify revocation status:What’s Next?
Certificate Syncs
Push certificates to AWS ACM, Azure Key Vault, and other destinations.
Alerting
Get notified before certificates expire.
Approvals
Require human review before issuance.
Enrollment Methods
Configure how certificates are requested.