APPLIES TO: Versions 19.1 and later
This article describes the steps required to import certificates from Symantec MPKI. With the feature release of the Adaptable CA driver in version 19.1, the Trust Protection Platform is able to integrate with a multitude of Certificate Authorities and perform various functions utilizing API/SDK endpoints and custom PowerShell scripts.
This article assumes the successful completion of exporting and parsing certificates from Symantec MPKI. For more information, follow the link How To: Bulk Export/Import Certificates From Symantec .
The output folder containing the certificates must be placed on the TPP server.
The Symantec MPKI import process follows these high-level steps. Details for each step are documented below.
- Applying the PEM Certificate Import Script
- Configuring Aperture for Certificate Import Job
APPLYING THE PEM CERTIFICATE IMPORT SCRIPT
1. Copy the sample PEM Certificate Import script from:
and save to the following folder of the TPP server:
2. Open the PEM Certificate Import script for editing.
3. The following variables must be modified:
|$global:certificates_folder||Path to Certificate Folder||This variable requires the absolute path to the certificate folder location. (i.e. - C:\MyCerts)|
|$global:file_extensions||Array With Additional File Extension: ".cer"||This array requires the CER base64-encoded file extension to be added to the list of file extensions.|
CONFIGURING APERTURE FOR CERTIFICATE IMPORT JOB
1. Login to the Aperture web portal as a Master Administrator.
2. Navigate to the "Jobs" page.
3. Click "+ Create New Job" to begin the create new job wizard.
4. Select "Certificate Import" option and click "Start".
5. Enter the job details:
i. Name (mandatory): The name of the job.
ii. Description (optional): Brief description for the purpose of the job.
iii. Import Type (mandatory): Select "Adaptable" option from list.
iv. Contacts (optional): The assigned owner of the certificate. If not supplied, policy will govern the owner.
v. Click "Next".
6. Configure the job settings:
i. PowerShell Script (mandatory): Select the "PEM Certificate Import" script.
ii. Username Credential (mandatory): The script requires as username credential. A "dummy" username credential can be selected.
iii. Platform Engine (optional): Select the engine where the "PEM Certificate Import" script is located.
iv. Include Expired Certificates (optional): Select if you want to include expired certificates during import.
v. Include Revoked Certificates (optional): Select if you want to include revoked certificates during import.
vi. Assign Contact value to Issued To (optional): Select this option if you're importing user certificates so you can associate certificates with the correct user identity. You'll likely want to select this option if you're using Venafi Enterprise Mobility Protect.
For more information about Enterprise Mobility Protect, see Enterprise Mobility Protect.
vii. Click "Next".
7. Configure the certificate import placement settings:
i. Select the specific policy folder where certificates will be placed during the import.
ii. Click "Next".
8. Configure the occurrence settings of the import job. It is recommended that import jobs follow a cadence to continue importing certificates which are created manually outside of TPP. Click "Create Job" when finished.
9. From the "Job" dashboard, you may choose to run the import job at anytime by clicking "Run Now".