Defining reason codes for certificate approvals

When a workflow triggers an approval request, the approver receives a notification that includes the workflow’s associated reason code. The reason code provides instructions or information for the workflow approvers.

In the Workflow tree, you create the reason codes you want to associate with Certificate, or Injection Command Approval Requests. For example, you may define a general reason code that indicates the cost associated with approving the certificate, or you may create separate reason codes with specific instructions for each type of workflow that requires approval.

IMPORTANT  You must have the View and Write permissions to the Workflow root.

Suppose you want to create reason codes for approving certificate approval and renewals. Here are some sample reason codes you could create.

Remember, you create your own reason code numbers.

Reason Description

Approval for Renewal (Stage 0)

The certificate with common name of "$Config[$Config[$SelfDN$,Owner Object]$,X509 Subject]$" is being enrolled. Approval is required for this process to proceed.

Approval for Enrollment (Stage 500)

The CSR for "$Config[$Config[$SelfDN$,Owner Object]$,X509 Subject]$" is waiting to be signed by the $CN[$Policy[$Config[$SelfDN$,Owner Object]$,Certificate Authority]$]$ CA. Approval is required for this process to proceed.

Approval for Installation (Stage 800)

The certificate for the $CN[$Config[$SelfDN$,Owner Object]$]$ application is now ready to be installed on the $CN[$ParentDN[$Config[$SelfDN$,Owner Object]$]$]$ device. Approval is required for this process to proceed.

Approval for Service Restart (Stage 1100)

The certificate for the $CN[$Config[$SelfDN$,Owner Object]$]$ application has been installed on the $CN[$ParentDN[$Config[$SelfDN$,Owner Object]$]$]$ device, and the application is now pending a restart for the installation to be complete. Approval is required for this process to proceed.

Approval for  Revocation (Stage 1400)

A request has been made to revoke a certificate which has a common name of "$Config[$Config[$SelfDN$,Owner Object]$,X509 Subject]$". Approval is required for this process to proceed.

To learn about Workflow stages, see Workflow object settings.

To learn about working with macros, see Macro overview.

  1. From the Platform menu bar, click Policy Tree.
  2. Select the Root Workflow object.
  3. Click Create.

  4. Define the Reason Code settings.

    The following table describes the Reason Code settings.

    Field

    Description

    Create

    Creates a new Reason Code.

    Delete

    Deletes the currently selected Reason Code.

    Export

    Exports the Reason Codes to a CSV, tab-delimited, HTML, or XML file.

    Refresh

    Refreshes the contents of the current page.

    Code

    Number you associate with the current Reason Code.

    You select this number when you include a Reason Code in an approval workflow. For more information, see Approval Reason Code.

    Name

    Reason Code name

    Description

    Reason Code text that displays in the notification that is sent to the approver.

    Reason Codes provide customized explanations or instructions for approvers. You can provide standard information such as the cost associated with approving the certificate or you may provide specific instructions for the certificate approval.

    You can include Trust Protection Platform macro commands in the Reason Code description. The macro language allows administrators to call variable content for fields such as message body and workflow approver.

  5. Click Save/Add.

    The Reason Code now appears in the Reason Code list and can be selected when you create certificate approval workflows.