In Venafi™ Encryption Director, TrustAuthority & TrustForce, the PKCS#12 Application object is used to provision PKCS#12 certificates to a PFX file.
First create your application object:
To enable Director Certificate Manager to provision PKCS#12 certificates to a PFX file, you must complete the following:
- Create the directory where you want Director Certificate Manager to create the PKCS#12 file.
- Grant the user account that Director uses to authenticate to the host server Read and Write access to the PKCS#12 file. The location of the PKCS#12 file is defined in the PKCS#12 Application object.
- Open the SCP port. Director uses the Secure Copy (SCP) protocol to copy the PKCS#12 file to the target directory; therefore, Director must have access to the SCP port. The default SCP port is port 22.
- In the Director administration console, create a Device object for the server where the PKCS#12 file is located.
- In the Director administration console, create and configure an Application object for the PKCS#12 PFX file.
- In the Director administration console, associate the PKCS#12 Application object with the certificate you want to write to the PKCS#12 file.
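The host-side prerequisites above (the target directory and Read and Write access for the account Director authenticates with) can be checked before the first provisioning run. The script below is an added example, not Venafi code; it assumes a Unix-like target host with a POSIX shell, and its refusal of any access for "other" is an added hardening assumption based on the PFX file holding a private key.

```shell
#!/bin/sh
# Added example: host-side preflight for the PKCS#12 target path.
# Run it as the account Director authenticates with; all paths are the operator's own.

# Print the three "other" permission characters from ls -ld (e.g. "r-x" or "---").
other_perms() {
    ls -ld "$1" 2>/dev/null | cut -c8-10
}

# check_pfx_dir DIR
# 0 = ready, 1 = missing, 2 = current account lacks read/write/search, 3 = open to "other"
check_pfx_dir() {
    [ -d "$1" ] || return 1
    { [ -r "$1" ] && [ -w "$1" ] && [ -x "$1" ]; } || return 2
    # Assumption: the PFX holds a private key, so "other" gets no access at all.
    [ "$(other_perms "$1")" = "---" ] || return 3
    return 0
}

# check_pfx_file FILE
# 0 = ready or not yet provisioned, 1 = not a regular file, 2 = no read/write, 3 = open to "other"
check_pfx_file() {
    [ -e "$1" ] || return 0
    [ -f "$1" ] || return 1
    { [ -r "$1" ] && [ -w "$1" ]; } || return 2
    [ "$(other_perms "$1")" = "---" ] || return 3
    return 0
}

# preflight /full/path/to/file.pfx : report both checks, succeed only if both pass.
preflight() {
    pfx_dir=$(dirname "$1")
    d=0; check_pfx_dir "$pfx_dir" || d=$?
    f=0; check_pfx_file "$1" || f=$?
    echo "directory $pfx_dir: status $d"
    echo "file $1: status $f"
    [ "$d" -eq 0 ] && [ "$f" -eq 0 ]
}

# Only run when a path is given, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

Pass the same full path that is entered in the PKCS#12 File field of the Application object. A non-zero status for the directory or the file points to the prerequisite that still needs attention on the host.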
Steps to configure the PKCS#12 Application Object
Create the PKCS#12 Application Object
- Uncheck Processing Disabled
- Associated certificate is where you would manually choose what existing certificate applies to this object. This is the certificate installed on the application.
- If this does not yet exist then there is no need to select Edit.
- Description - Create a description for the object
- Contact - User or group identities assigned to this object. The default notifications are sent to these identities.
- Approver - User or group identities assigned to approve Workflow
- Application Credentials - Set up credentials to authenticate with the application
- SCP/SSH Port – select port to use
- PKCS#12 File – Complete path and filename of the PKCS#12 PFX file. The PFX file contains the private key and signed client certificate.
- Private Key Password – Password Credential that Director uses to protect the certificate's private key. This is not a required field.
- Friendly Name – Common name or Alias
- Certificate Chain File – Path and filename where Director Certificate Manager writes the certificate's associated root and intermediate root certificates. This option is only available if you select Store in Certificate Chain File for the certificate chain location.
- Bundle Certificate – Bundles the root and intermediate root certificates with the certificate file installed on the current appliance