---
title: "How can an application's cert be issued when we deploy an app from the console?"
slug: "how-can-an-applications-cert-be-issued-when-we-deploy-an-app-from-the-console"
updated: 2025-07-23T10:30:20Z
published: 2025-07-23T10:30:20Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.fortanix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# How can an application's cert be issued when we deploy an app from the console?

- You add certificate configuration while adding an application through UI.
- These parameters defined for an app are used while creating a build and we embed code to generate a CSR to the converted image.
- Now when we run an application, then it calls the 'Create Certificate' API with CSR as a parameter to the agent running on that node.
- The agent sends the request to the Fortanix Confidential Computing Manager (CCM) backend by adding `node-id` to the parameter.
- The Fortanix CCM backend verifies if the domains for that app are whitelisted, build is whitelisted and application is running in an enclave with a valid attestation, then it creates a certificate for that app running on that node and sends it as a response.
- Whenever a domain is added or updated, a domain whitelisting task is created. Similarly, when a build is created a build whitelisting task is created. These tasks for an app need to be approved before running an application.

*For more information, refer to the*[*User's Guide: Using Applications and Datasets*](/v1/docs/users-guide-using-applications-and-datasets)*.*

## Related

- [What is Application Policy Enforcement and Monitoring?](/what-is-application-policy-enforcement-and-monitoring.md)