feat(pki): add support for csr based certificate issuance from web ui

[saifsmailbox98]

Context

This will allow users to get their CSRs signed and the certs added to Infisical from the web UI

Screenshots

CleanShot.2026-01-29.at.03.05.32.mp4

Steps to verify the change

Open the Request New Certificate Modal and use the Request Method "CSR" to issue a certificate

Type

• Fix
• Feature
• Improvement
• Breaking
• Docs
• Chore

Checklist

• Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
• Tested locally
• Updated docs (if needed)
• Read the contributing guide

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR adds support for CSR-based certificate issuance from the web UI, allowing users to provide their own Certificate Signing Requests when they need to manage their private keys externally.

Key Changes:

• Added request method selector (Managed vs CSR) in the certificate issuance modal
• Conditional rendering of form fields based on request method - CSR mode only shows CSR input and TTL
• Made signatureAlgorithm and keyAlgorithm optional in TypeScript types since these are extracted from the CSR
• Comprehensive documentation guide with OpenSSL examples, format requirements, and FAQ section
• Updated existing documentation to reference the new CSR issuance method

Documentation Quality:
The PR includes excellent documentation (Rule 5 satisfied) covering CSR generation, format requirements, policy compliance, and detailed FAQs. Users will be able to discover this feature through the updated certificate issuance flow and dedicated guide page.

Implementation Notes:

• Form validation properly handles both request methods with dynamic schema generation
• CSR validation and parsing happens on the backend (verified in certificate-csr-utils.ts)
• State management properly resets when switching between request methods
• The UI conditionally renders appropriate form fields based on the selected request method

Confidence Score: 4.5/5

• This PR is safe to merge with minimal risk - it's a well-documented frontend feature addition with proper backend validation
• The implementation is solid with proper form validation, conditional rendering, and comprehensive documentation. Backend CSR parsing/validation already exists. No breaking changes to existing API. Minor deduction for lack of explicit CSR size validation on frontend (though backend enforces 4096 char limit).
• No files require special attention - all changes are well-structured and appropriately scoped

Important Files Changed

Filename	Overview
frontend/src/pages/cert-manager/CertificatesPage/components/CertificateIssuanceModal.tsx	Adds CSR-based certificate issuance with request method selector, conditional form fields, and proper form validation
frontend/src/hooks/api/certificates/types.ts	Makes signatureAlgorithm and keyAlgorithm optional to support CSR-based certificate issuance
docs/documentation/platform/pki/guides/request-cert-csr.mdx	Comprehensive new documentation guide for CSR-based certificate issuance with examples and FAQs

[greptile-apps]

_{4 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[saifsmailbox98]

@greptile review this PR again

[greptile-apps]

_{3 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}