Creating certificate credentials

The certificate credential feature lets you store private keys that can be used for authentication.

The certificate you select must have a corresponding private key stored within Trust Protection Foundation.

TIP: Aperture only lets you select existing certificates. Policy Tree lets you either select an existing certificate or import a new one if the certificate you need is not yet in Trust Protection Foundation.

To create a certificate credential (Aperture)

  1. From the Certificate Manager - Self-Hosted menu bar, click Inventory > Credentials, and then click Create a New Credential.
  2. Click the Credential Type list and select Certificate.

  3. Click Folder and select the policy folder in which to create your new credential.
  4. In Credential Name, type a unique name for the new credential object, and then click Create and Configure.

  5. In Edit Credential Settings, click the Certificate field to locate and select the certificate to use for this credential.

    The certificate you select must have a corresponding private key stored within Trust Protection Foundation.

  6. Select a PKCS#12 Encryption Algorithm.

    The encryption algorithm is used to protect the private key when the PKCS#12 file is generated for this certificate credential. If you are linking a certificate to a certificate credential for use on an older operating system, select a PKCS#12 encryption algorithm that is supported by that system.

    NOTE: Starting in Trust Protection Foundation version 25.1, the default PKCS#12 encryption algorithm was updated. Some operating systems do not support the new default algorithm. If the selected algorithm is not supported by the target system, the certificate credential cannot be used.

  7. (Optional) In Description, type a description of your new credential.

    A strong description can be useful in helping other administrators better understand the purpose of your new object (such as certificates, jobs, credentials, devices, trust stores, etc.), or to remind yourself later why you created it.

  8. (Optional) Click Contacts and select one or more users or groups to whom you want default system notifications to be sent. The default contact is the master administrator.

  9. When you're finished, click Save.
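
Added example, not part of the original documentation: a shell check, using the openssl CLI, that reports which encryption scheme protects the private key in a PKCS#12 file, so it can be compared against what the target system supports. The sample files are built locally with openssl rather than exported from Trust Protection Foundation, and the algorithm names are OpenSSL's, which may not match the labels in the PKCS#12 Encryption Algorithm list.

```shell
#!/bin/sh
# Added example. Assumes the openssl CLI; all names and passwords are constructed.

# Print the scheme protecting the first shrouded key bag of a PKCS#12 file,
# e.g. "PBES2, PBKDF2, AES-256-CBC" or "pbeWithSHA1And3-KeyTripleDES-CBC".
p12_key_pbe() {   # $1 = PKCS#12 file, $2 = its password
    # Some OpenSSL builds write the -info report to stderr, so merge streams.
    openssl pkcs12 -info -noout -in "$1" -passin "pass:$2" 2>&1 |
        sed -n 's/^Shrouded Keybag: \(.*\), Iteration.*/\1/p' | head -n 1
}

# Succeed if the key bag uses PBES2 (PKCS#5 v2); fail for the older PKCS#12 PBE
# schemes, and also when the file or password cannot be read.
p12_uses_pbes2() {
    case "$(p12_key_pbe "$1" "$2")" in PBES2*) return 0 ;; *) return 1 ;; esac
}

# Build a throwaway key and certificate, then export them twice with different algorithms.
make_sample_p12() {   # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" -passout pass:changeit \
        -keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha256 -out "$1/modern.p12"
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" -passout pass:changeit \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 -out "$1/older.p12"
}

# Demonstration on the constructed samples.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_p12 "$tmp"
for f in modern older; do
    printf '%s.p12 key bag: %s\n' "$f" "$(p12_key_pbe "$tmp/$f.p12" changeit)"
done
```

Running the same check on a PKCS#12 file before it is deployed shows whether its key protection matches an algorithm the target operating system can import.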