Associating a certificate with an application from the certificate object

You must have Write permissions to the Certificate object and either Write or both Associate and Read permissions to the Application object before you can associate certificates with an application object.

To associate a certificate with an application from the certificate object

  1. From the TLS Protect menu bar, click Policy Tree.
  2. In the Policy tree, select the Certificate object you want to associate with the application, and then click the Associations tab.

  3. In the Details view, click Add.

    The Applications Selector dialog opens.

  4. Expand the parent Device object, then select the Application object you want to associate with the certificate.

    You must have either Write or both Associate and View permissions to the Application object to select it in the Applications Selector dialog.

  5. Click Select.

    The Application object is added to the certificate’s list of associated applications.

  6. Repeat the previous three steps for every application you want to associate with the certificate.

    For more information on one-to-many configurations, see Associating certificates with multiple applications (one-to-many).

Certificate object associations options

The following table reviews the options available on the Associations tab.

Option

Description

Column Sort

To sort the list by a particular column, click on the column heading. The sort toggles between ascending and descending order.

NOTE  In Policy Tree, the column sort order is stored in the administrator’s User object. Therefore, Policy Tree always reflects the user’s most recent column sort order, even if the administrator logs in from another workstation. In Policy Tree, the column sort order is reset every time you log in unless you bookmark the page. When you bookmark the page, the column sort order is saved and applied the next time you open that view. To bookmark the page, define the column sort order, and then click the share icon.

 

Columns

Determines the columns that display on the Certificate Associations tab.

NOTE  In Policy Tree, the column settings are stored in the administrator’s User object. Therefore, Policy Tree always reflects the user’s most recent column settings, even if the administrator logs in from another workstation. In Policy Tree, the column settings are reset every time you log in.

To access the Column menu in Policy Tree

  1. Click the drop-down menu icon for a given column.
  2. Click Columns.
  3. From the Columns menu, you can select the columns that you want to display in the Discovery Results tab.

To access the Column menu in Policy Tree, right-click any column heading, then select the columns that you want to display in the Discovery Results tab.

Add

Associates an Application object with the current certificate.

IMPORTANT  You must have Write permissions to the Certificate object and either Write or both Associate and Read permissions to the Application object to associate an application with the current certificate.

If you do not create a Network Certificate object below its associated Application object, Trust Protection Platform displays a Certificate Alias object below the associated Application object so you can see which certificates are associated with which applications.

NOTE  Alias objects are hidden by default. To view Alias objects in the Policy tree, you must enable the Show Aliases option. In the Windows console, click File > Preferences > Policy Tree, then select Show Aliases. In Policy Tree, click Show All > Show Aliases.

Delete

Disassociates the selected Application object from the certificate.

IMPORTANT  You must have Write permissions to the Certificate object and either Write or both Associate and Read permissions to the Application object to disassociate it from the current certificate.

This option does not delete the Application object from the Policy tree or remove the certificate from the application’s server.

Push

Pushes the current certificate and private key to the selected application.

IMPORTANT  You must have Write or Private Key Write permissions to the Certificate object and either Write or both Associate and Read permissions to the Application object to push the certificate to the selected application.

IMPORTANT  If the certificate and private key already exist on the target server, the push operation replaces the existing certificate and private key.

Trust Protection Platform will not process a push operation unless the following conditions are met:

  • The certificate is available in the Trust Protection Platform database.
  • The certificate’s management type is Provisioning.
  • The certificate is not currently being processed.
  • You must have Write permissions to the current Certificate object.
  • You must have either Write or Associate and Read permissions to the selected Application object.

Extract

Extracts the certificate and private key installed on the selected Application objects.

This option is available only in Policy Tree.

IMPORTANT  You must have Private Key Write and Write permissions to the Certificate object and both Read and Private Key Read permissions to the Application object to extract a certificate and private key from an application.

Trust Protection Platform compares the extracted certificate and private key with the current certificate. If there is a mismatch, Trust Protection Platform asks if you want to overwrite the current certificate and private key.

For more information, see Extracting certificates and private keys.

Enable / Disable

Toggles between enabling and disabling the processing of certificates on the selected application objects. When you disable processing, Trust Protection Platform does not attempt to install, renew, process, or validate certificates for the current application.

IMPORTANT  You must have Write permissions to the Certificate object and either Write or both Associate and Read permissions to the Application object to enable or disable the certificate on the selected application.

Retry Installation

Reattempts to install the certificate on the selected application(s).

IMPORTANT  You must have Write permissions to the Certificate object and either Write or both Associate and Read permissions to the Application object(s) to retry installing the certificate on the selected application(s).

Export

Exports the Associations data to a CSV, tab-delimited, HTML, or XML file.

Refresh

Refreshes the contents of the current page.
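
The permission requirements in the table above can be modeled as data to review which principals are able to run the two options that move a private key (Push and Extract). The following is an added example, not part of the product or its documentation: the permission and option names come from this page, while the rule structure, function names, certificate record fields, and sample grants are assumptions constructed for illustration.

```python
# Added example: permission names and options come from the page; the data
# structures and sample grants are constructed and are not a product API.
W, R, A, PKR, PKW = "Write", "Read", "Associate", "Private Key Read", "Private Key Write"

# A rule is a list of alternatives; each alternative is a set of permissions
# that must all be held. Holding any one alternative satisfies the rule.
APP = [{W}, {A, R}]
RULES = {  # option: (Certificate object rule, Application object rule)
    "Add": ([{W}], APP),
    "Delete": ([{W}], APP),
    # The IMPORTANT note accepts Write or Private Key Write; the condition list
    # names Write only. The broader reading makes an audit over-report.
    "Push": ([{W}, {PKW}], APP),
    "Extract": ([{PKW, W}], [{R, PKR}]),
    "Enable/Disable": ([{W}], APP),
    "Retry Installation": ([{W}], APP),
}
KEY_HANDLING = {"Push", "Extract"}  # options that move a private key

def satisfies(held, rule):
    return any(alt <= held for alt in rule)

def allowed_options(cert_perms, app_perms):
    cert_perms, app_perms = set(cert_perms), set(app_perms)
    return sorted(op for op, (c, a) in RULES.items()
                  if satisfies(cert_perms, c) and satisfies(app_perms, a))

def push_blockers(cert, cert_perms, app_perms):
    """Return the push conditions from the page that this request fails."""
    checks = [
        (cert.get("in_database"), "certificate not in the database"),
        (cert.get("management_type") == "Provisioning", "management type is not Provisioning"),
        (not cert.get("processing"), "certificate is currently being processed"),
        ("Push" in allowed_options(cert_perms, app_perms), "insufficient permissions"),
    ]
    return [msg for ok, msg in checks if not ok]

def key_handling_principals(grants):
    """grants: {principal: (cert_perms, app_perms)} -> {principal: [options]}"""
    found = {who: [op for op in allowed_options(c, a) if op in KEY_HANDLING]
             for who, (c, a) in grants.items()}
    return {who: ops for who, ops in found.items() if ops}

SAMPLE_GRANTS = {  # constructed principals and grants
    "ops-team": ({W}, {A, R}),
    "auditor": ({R}, {R}),
    "pki-admin": ({W, PKW}, {W, R, PKR}),
    "deployer": ({PKW}, {W}),
}
```

Calling key_handling_principals(SAMPLE_GRANTS) lists the constructed principals that can Push or Extract; a principal holding only Private Key Write on the certificate still appears for Push under the broader reading.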