APPLIES TO: Versions 19.1 and later
SUMMARY:
This article describes the steps required to import certificates from DigiCert. With the feature release of the Adaptable CA driver in version 19.1, the Trust Protection Platform is able to integrate with a multitude of Certificate Authorities and perform various functions utilizing API/SDK endpoints and custom PowerShell scripts.
Note: If you are importing certificates into TPP version 18.4 or earlier, follow the instructions in Bulk Export/Import Certificates From Digicert.
PREREQUISITES:
The sample DigiCert Certificate Import script requires a DigiCert API user. This article assumes that the API user has already been granted the credentials and permissions needed to access DigiCert's CertCentral.
OVERVIEW:
The DigiCert import process follows these high-level steps. Details for each step are documented below.
- Applying the DigiCert Certificate Import Script
- Configuring Aperture for Certificate Import Job
APPLYING THE DIGICERT CERTIFICATE IMPORT SCRIPT
1. Copy the sample DigiCert Certificate Import script from:
<VenafiInstallationPath>\Scripts\AdaptableCA\Samples\
and save to the following folder of the TPP server:
<VenafiInstallationPath>\Scripts\AdaptableCA\
CONFIGURING APERTURE FOR CERTIFICATE IMPORT JOB
1. Log in to the Aperture web portal as a Master Administrator.
2. Navigate to the "Jobs" page.
3. Click "+ Create New Job" to begin the create new job wizard.
4. Select "Certificate Import" option and click "Start".
5. Enter the job details:
i. Name (mandatory): The name of the job.
ii. Description (optional): Brief description for the purpose of the job.
iii. Import Type (mandatory): Select "Adaptable" option from list.
iv. Contacts (optional): The assigned owner of the certificate. If not supplied, policy will govern the owner.
v. Click "Next".
6. Configure the job settings:
i. PowerShell Script (mandatory): Select the "DigiCert Certificate Import" script.
ii. Username Credential (mandatory): The script requires a username credential when supplying the secondary credential. A "dummy" username credential can be selected.
iii. Secondary Credential (mandatory): Select the DigiCert API password credential.
iv. Platform Engine (recommended): Select the engine on which the script is located and which is responsible for importing the certificates. This engine should have bi-directional access to the DigiCert API endpoint.
v. Include Expired Certificates (optional): Select if you want to include expired certificates during import.
vi. Include Revoked Certificates (optional): Select if you want to include revoked certificates during import.
vii. Assign Contact value to Issued To (optional): Select this option if you're importing user certificates so you can associate certificates with the correct user identity. You'll likely want to select this option if you're using Venafi Enterprise Mobility Protect.
For more information about Enterprise Mobility Protect, see Enterprise Mobility Protect.
viii. Click "Next".
7. Configure the certificate import placement settings:
i. Select the specific policy folder where certificates will be placed during the import.
ii. Click "Next".
8. Configure the occurrence settings of the import job. It is recommended that import jobs follow a cadence so that certificates created manually outside of TPP continue to be imported. Click "Create Job" when finished.
9. From the "Job" dashboard, you may choose to run the import job at any time by clicking "Run Now".