Creating an Apache Installation
To manage certificate provisioning, you can create an Apache installation, which is similar to the Policy Tree Application object. The Apache installation manages PEM files installed on Apache HTTP servers.
This object provides the information Trust Protection Platform needs to monitor, enroll, or provision PEM files on its associated Apache or Windows servers, and can even provision the end-entity, chain and private key to a single file (rather than two or three separate files).
When a private key for an Apache certificate is on an Entrust nShield HSM, you can create multiple installations in Venafi Platform. An Application group then appears in the Policy tree for the certificate. Trust Protection Platform automatically manages the Application group.
Before beginning this procedure, make sure that you review the topic, Apache prerequisite configuration.
BEST PRACTICE Consider managing object settings using a policy. For more information, see
To create an Apache installation
- Log in to TLS Protect.
- Follow the general instructions for Creating a certificate installation. In the Add a New Installation wizard, specify these parameters:
  - Track, validate, and automate installation of this certificate. In addition to tracking and validation options above, this option adds the complete end-to-end lifecycle automation of certificates including the ability to have certificates automatically renewed and installed on the host device.
  - Installation Type: Apache HTTP Server
  - Yes Configure installation
- In the Installation Settings Wizard, follow the general instructions in Enabling remote key generation for Apache certificates. For Private Key Location, specify Entrust nShield HSM.
- Click Save and Install.
- (Optional) If you want the Apache application servers to share the same certificate and the HSM to manage the private key, repeat these instructions and specify different device parameters. The group generates a new key pair on one server and distributes the key stub and application key token files to the rest of the servers in the farm.
TLS Protect automatically creates an Application group. Each Apache server shares the same certificate.
CAUTION Under the certificate, you can view an Application group. Do not delete the group within the policy tree. Otherwise, results may be unexpected.