Step 5: Create certificate objects
Certificate objects provide Trust Protection Platform with the information it needs to monitor certificates. But how and when are they created?
When certificates are either discovered or imported, Trust Protection Platform creates an associated certificate object automatically. However, if you create a new certificate manually, you must create a certificate object, enter the Subject DN and any SANs, and then select a CA template.
DID YOU KNOW? During discovery, device and application objects are also created automatically.
For information about certificate discovery, see Discovering certificates and keys.
For more information about downloading or importing certificates, see Downloading certificates, private keys, and root chains, and Discovering certificates and keys.
For more information about managing, installing, creating, and editing certificates, see Managing certificates and private keys—overview.
Certificates are created in the following ways:
-
CA Import (currently supported for Microsoft CA) - A certificate authority import job is created and Trust Protection Platform discovers the certificates from the certificate authority and places them according to the placement rules.
For more information, see Importing certificates from a certificate authority.
-
Instant Discovery - Instantly scans a destination host and if certificate is discovered you can choose to manage it, which automatically creates the certificate object in the chosen destination. Instant Discovery is similar to Network Discovery, except that it scans only a single host.
For more information see Using Instant Discovery.
-
Manually - Manually import an existing certificate or certificate-key pair into the system using Trust Protection Platform. If there is an application (or device) associated with the certificate, you will also need to manually create the application (or device).
For more information, see Creating a certificate installation, and Importing an existing certificate.
-
Network Discovery - Scans a defined network range and, according to the placement rules set in Aperture, automatically creates and places the discovered certificates in their corresponding folders (according to the rules).
For more information, see Discovering certificates and keys.
-
Onboard Discovery - Automates the process of importing certificates into Trust Protection Platform from network devices where you can then monitor, validate, and provision them.
For more information, see Using Onboard Discovery.
-
Venafi Server Agent - installs the agent on local systems to performs scheduled work, including discovery of certificates and keys found in designated keystores and directories.
For more information, see Server Agent—Introduction.
-
Web SDK - Allows you to use REST API calls for Certificate object creation. You can use Certificates/Import to add one Certificate object or Discovery/Import to find and add an entire set.
For more information, see POST Certificates/Import and POST Discovery/Import.