Application Objects and Lifecycle Management

Note that only the Enrollment and Provisioning management levels are listed in the table because these are the only levels at which Trust Protection Foundation manages certificates. Trust Protection Foundation does not act on certificates or applications at the Monitoring level.

Individual stages may vary per application. For information on the certificate lifecycle stages for each application, see the application appendices in the CyberArk Trust Protection Foundation Application Guide.

Managed stages of the certificate lifecycle

The following table outlines the managed stages of the certificate lifecycle.

Stages 0-700 are performed by the Application driver only if remote key generation is enabled. If the private key and CSR are locally generated on the Trust Protection Foundation server, stages 0-700 are performed by the X509Certificate Application driver.

The private key and CSR are remotely generated on the certificate’s consumer application(s) if the Generate Key/CSR on Application option is enabled in the Certificate object.

Certificate Lifecycle Stages

| Stage | Friendly Name | Description | Enrollment | Provisioning |
|-------|---------------|-------------|------------|--------------|
| 0 | StartProcessing | Trust Protection Foundation prepares the certificate for lifecycle processing. | x | x |
| 100 | CheckStore | Only applies to remote generations. If the private key and CSR are generated remotely, Trust Protection Foundation compares the keystore or Directory configuration parameters specified in the Application object with the actual configuration on the application. | platform dependent | x |
| 200 | CreateConfigureStore | Only applies to remote generations. If the certificate keystore does not exist, Trust Protection Foundation creates the keystore as per the configuration parameters defined in the Application object. | | x |
| 300 | CreateKey | Trust Protection Foundation creates the private key. | x | x |
| 400 | CreateCSR | Trust Protection Foundation creates the Certificate Signing Request (CSR). | x | x |
| 500 | PostCSR | Trust Protection Foundation submits the CSR to the Certificate Authority (CA). If you post a manual CSR, this is the first stage of the certificate lifecycle. | x | x |
| 600 | ApproveRequest | Trust Protection Foundation approves the certificate renewal at the CA. | x | x |
| 700 | RetrieveCertificate | Trust Protection Foundation retrieves the certificate from the CA. | x | x |
| 800 | InstallCertificate | Trust Protection Foundation installs the certificate on the target application. | | x |
| 900 | CheckConfiguration | Trust Protection Foundation verifies the configuration after the certificate is installed. | | |
| 1000 | ConfigureApplication | Trust Protection Foundation configures the application to use the installed certificate, if needed. | | |
| 1100 | RestartApplication | Trust Protection Foundation restarts the application after the certificate is installed and configured, if needed. | | |
| 1200 | EndProcessing | Trust Protection Foundation completes the certificate processing and, if configured, runs a Validation check on the certificate and application. | | x |
| 1400 | Revocation | Trust Protection Foundation submits a revocation request to the CA. Certificate revocation is a certificate operation; it does not involve the application driver. | x | x |