Step 3: (Optional) Configure an application server
If you want to automate certificate provisioning, you can have Trust Protection Platform install certificates for use by an application server, such as F5's BIG-IP Local Traffic Manager (F5 LTM Advanced) or Amazon Web Services (AWS). Once you've selected and configured your application server software to use a certificate, you must create the associated objects on the Trust Protection Platform server: create Device and Application objects, and then associate them with the relevant certificates used by your application server software.
Application objects provide the configuration information Trust Protection Platform needs to install and validate certificates on the Application object’s associated platform or keystore.
To enable Trust Protection Platform to provision certificates to supported platforms or keystores, you must complete the following:
- Prepare the target system.
  This includes setting up SSL on the target system and granting the required system permissions. For a listing of supported applications and their associated appendix, see Venafi CA and application drivers library.
- (Conditional) If Trust Protection Platform interacts with a device using an SSH command line and must use a jump server to access the device because it is behind a firewall, create a Jump Server object and configure its associated Device objects.
  For more information, see Managing Jump Server Objects.
- In the Policy Tree, create a Device object for the network-accessible computer system where the certificate is installed.
  For more information, see Managing device objects.
- In the Policy Tree, create and configure an Application object for the network appliance or keystore where the certificate is installed.
  For more information, see Managing application objects.
- In the Policy Tree, associate the Application object with the appropriate certificates.
  In the case of a network appliance, you associate each Application object with the relevant certificate consumed by the network appliance. For a keystore, you associate each Application object with the certificate stored in the keystore.
  TIP: Application objects can only be associated with a single certificate. However, a single certificate can be associated with many application objects.
  For more information, see Associating certificates with applications.