Associating certificates with applications

To enable Venafi Trust Protection Platform™ to manage one or more certificates on a platform or keystore, you must associate the Application object with the corresponding Certificate object(s). When you associate an Application object with a certificate and enable processing, Trust Protection Platform manages the certificate and private key on the server where the application resides.

Depending on the level of certificate management configured on the certificate—Monitoring, Enrollment, or Provisioning—Trust Protection Platform may perform the following actions on the applications associated with a certificate:

  • If you associate an existing certificate with an application where the certificate is not currently installed and Provisioning is enabled, Trust Protection Platform installs the certificate and private key on the application’s server, overwriting the existing certificate and private key.
  • If the certificate does not yet exist and Enrollment or Provisioning is enabled, Trust Protection Platform generates the key pair and CSR (either on the application’s local server or on the Trust Protection Platform server, as determined by the Certificate object configuration), submits the CSR to the CA, and then retrieves the certificate. If Provisioning is enabled, Trust Protection Platform also installs the certificate and private key on the target platform or keystore.
  • If the certificate already exists on the application’s server and Monitoring is enabled, Trust Protection Platform monitors the certificate lifecycle and provides notification when the certificate is about to expire. If Provisioning is enabled, Trust Protection Platform replaces the certificate when it expires, using the parameters defined in the Certificate object and/or its associated policy.

You can associate certificates with applications from either the Certificate or Application object configurations.