Application Objects and Lifecycle Management

Note that only the Enrollment and Provisioning management levels are listed in the table because these are the only levels at which Trust Protection Platform manages certificates. Trust Protection Platform does not act on certificates or applications at the Monitoring level.

Individual stages may vary per application. For information on the certificate lifecycle stages for each application, see the application appendices in the Venafi Trust Protection Platform Application Guide.

Managed stages of the certificate lifecycle

The following table outlines the managed stages of the certificate lifecycle.

Stages 0-700 are performed by the Application driver only if remote key generation is enabled. If the private key and CSR are locally generated on the Trust Protection Platform server, stages 0-700 are performed by the X509Certificate Application driver.

The private key and CSR are remotely generated on the certificate’s consumer application(s) if the Generate Key/CSR on Application option is enabled in the Certificate object.

Certificate Lifecycle Stages

| Stage | Friendly Name | Description | Enrollment | Provisioning |
|-------|---------------|-------------|------------|--------------|
| 0 | StartProcessing | Trust Protection Platform prepares the certificate for lifecycle processing. | x | x |
| 100 | CheckStore | Only applies to remote generations. If the private key and CSR are generated remotely, Trust Protection Platform compares the keystore or Directory configuration parameters specified in the Application object with the actual configuration on the application. | platform dependent | x |
| 200 | CreateConfigureStore | Only applies to remote generations. If the certificate keystore does not exist, Trust Protection Platform creates the keystore as per the configuration parameters defined in the Application object. | | x |
| 300 | CreateKey | Trust Protection Platform creates the private key. | x | x |
| 400 | CreateCSR | Trust Protection Platform creates the Certificate Signing Request (CSR). | x | x |
| 500 | PostCSR | Trust Protection Platform submits the CSR to the Certificate Authority (CA). If you post a manual CSR, this is the first stage of the certificate lifecycle. | x | x |
| 600 | ApproveRequest | Trust Protection Platform approves the certificate renewal at the CA. | x | x |
| 700 | RetrieveCertificate | Trust Protection Platform retrieves the certificate from the CA. | x | x |
| 800 | InstallCertificate | Trust Protection Platform installs the certificate on the target application. | | x |
| 900 | CheckConfiguration | Trust Protection Platform verifies the configuration after the certificate is installed. | | |
| 1000 | ConfigureApplication | Trust Protection Platform configures the application to use the installed certificate, if needed. | | |
| 1100 | RestartApplication | Trust Protection Platform restarts the application after the certificate is installed and configured, if needed. | | |
| 1200 | EndProcessing | Trust Protection Platform completes the certificate processing and, if configured, runs a Validation check on the certificate and application. | | x |
| 1400 | Revocation | Trust Protection Platform submits a revocation request to the CA. Certificate revocation is a certificate operation; it does not involve the application driver. | x | x |