Certificate installation using the Server Agent

You can use the Server Agent to install certificates on clients where the agent is installed and running.

Provided that you have set your device objects to the Agent Provisioning Mode, you can configure the Server Agent to install certificates on agent-enabled devices, but you must first configure certificate installation (provisioning) work.

When you set up certificate installation work, you are telling Trust Protection Platform how often it should send certificate installation work to Server Agents.

NOTE For information about compatible keystores for certificate installation, see Server Agent-supported keystores.

BEST PRACTICE Depending on your current configuration, you might need to perform some important tasks before certificate installation work can be run successfully. Consider the following and determine which scenario matches your current configuration, and then perform the related tasks:

If the device object was created manually in the Policy tree

Enable device placement work for the group to which the agent belongs.

Choose Single Folder mode and set the device location to where the existing device is in policy.
Wait for the VEDClient cache to refresh (approximately 10 minutes).
Have the agent check in so that it can perform the device placement work.
Change the Provisioning Mode on the device object to Agent (or change it at the policy level if you want to cause all the devices under that policy to use the agent).

If the device object was created by device placement using Trust Protection Platform 15.2 (or earlier)

Change the Provisioning Mode on the device object to agent (or change it at the policy level if you want to cause all devices under that policy to use the agent).