Info:
This article covers the four Management levels available for Certificate objects. The Management level determines what Venafi Trust Protection Platform (TPP) does with the certificates it stores.
More Info:
The four different Management levels are:
- Unassigned
- Monitoring
- Enrollment
- Provisioning
Unassigned
Unassigned certificates are unlicensed and do not allow network validation, expiration monitoring, enrollment, provisioning, or onboard validation. However, they are included in selected reports and on the dashboard.
Monitoring
TPP monitors existing certificates and provides current information on the certificate status and lifecycle. When the certificate nears the end of its lifecycle, TPP sends dynamically-generated expiration and escalation messages to certificate owners, consumers, and approvers.
At the monitoring level of certificate management, however, TPP does not renew the certificate. The administrator must manually create the CSR, send it to the certificate authority (CA), then retrieve and install the renewed certificate.
Once the certificate is manually installed, TPP can validate that the certificate is installed and properly configured.
Enrollment
At this level, TPP interfaces directly with certificate authorities to initiate and auto-enroll new or to-be-renewed certificate and key generation requests according to organization-defined workflow and approved folders.
TPP automatically generates and submits CSRs to Certificate Authorities using the parameters defined in designated CA Template objects. If preferred, administrators can manually generate the CSR, then upload it to TPP Certificate Manager to complete the enrollment process with the appropriate CA.
After the CA signs a certificate, Trust Protection Platform Certificate Manager retrieves the certificate and securely stores it in the Secret Store. The administrator can then download the certificate and install it on target systems.
Provisioning
TPP provides fully automated certificate and key lifecycle management that automatically requests, installs, renews, and monitors encryption assets on your network. This produces consistent and repeatable processes that improve security and reduce operational and compliance risks.