Frequently Asked Questions
Q. Can there be more than one Aperture Configuration Object? Can I move it around?
You can have only one Aperture Configuration Object at a time but you can move it around anywhere in your Policy tree.
Q. Can a person transfer his or her access or profile to someone else when they go on vacation?
No. For security reasons, transfers of access are not allowed. However, if two people need access to the same folders and certificates, consider putting them in the same Group and give the Group the correct permissions.
Q. Can two or more users access the same certificate at the same time?
Multiple users can read a certificate at the same time. If multiple users attempt to write a certificate at the same time, only the changes made by the last user will be saved.
Q. What if my certificate creation or renewal process gets stuck?
The process may need to be restarted or reset and can be done only in Trust Protection Platform. Contact your Trust Protection Platform Administrator for help.
Q. What is the difference between monitoring and enrollment?
Monitoring
Organizations can monitor keys and certificates. TLS Protect helps monitor existing certificates and provides current information about the certificate. When the certificate is about to expire, messages are automatically sent to certificate owners, consumers, and approvers.
Monitoring does not renew the certificate. The administrator has to manually create the CSR (Certificate Signing Request), send it to the CA (Certificate Authority), then retrieve and install the renewed certificate.
Enrollment
Enrollment allows TLS Protect to automatically renew certificates. TLS Protect can generate and submit CSRs to Certificate Authorities using the parameters defined in the corresponding CA Template objects. Or, administrators can manually generate the CSR, then upload it to TLS Protect to complete the enrollment process.
After the CA signs the certificate TLS Protect retrieves the certificate. The administrator can then download the certificate and install it as needed.
Q. What does this message mean? The user has additional certificates but your permissions do not allow you to see them. In order to view all certificates, the correct permissions need to be set.
You'll see this message after you do a user name search for certificates. If you have fewer permissions than the user whose certificates you are trying to view, you'll be notified that there are more certificates. Extended permissions are needed in order to see them. Contact your Administrator for help.
Q. Why don't I see the Certificates menu?
The Certificates menu is only shown if your user account has read or view access to at least one certificate. If you create a new certificate, the Certificates menu will be shown immediately. If somebody grants you access to a certificate, you will see the Certificates menu the next time your log in.
Q. Why do I get a "403 Forbidden" error message when I'm logged in to the system?
Trust Protection Platform has security settings that protect the system from various types of vulnerabilities. If the system detects that the referrer header is not from an authorized source, you will see a "403 Forbidden" error message.
This setting is controlled by the registry of the Venafi Platform server. If you have a need to disable this security feature (not recommended), you can add the following registry key on all Venafi Platform servers that are in the cluster:
|
Registry Key location |
Key Name |
Data Type |
Key Value |
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\Software\Venafi\Platform |
DisableSameOriginCheck |
Dword |
1 |