Configuring the OpenSSL template object
To enable Trust Protection Platform to manage OpenSSL certificates, you must configure the OpenSSL template object. This object provides the information Trust Protection Platform needs to request, retrieve, and install certificates issued by the OpenSSL driver.
BEST PRACTICE Consider managing CA Template object settings using a policy. For more information, see Managing CA templates using policies.
To create an OpenSSL CA template object
- From the TLS Protect menu bar, click Policy Tree.
- From the Tree drop-down menu, click Policy.
- In the Policy tree, select the folder where you want to create the CA Template object, and then click Add.
- Click CA Template, then select OpenSSL to create it.
- In the CA Name box, type a name for the new OpenSSL object.
- Refer to the following table to complete the remaining CA template settings:

  OpenSSL CA Template Settings (Field: Description)

  Connection
  - Hostname: IP address or DNS name of the OpenSSL CA server. Trust Protection Platform supports both IPv4 and IPv6 connections.
  - Credentials: User name credential required to connect to the OpenSSL CA. The credential type can be:
    - Username
    - Private Key

    To select a credential:
    - Click the Browse button. The Credential Selector dialog appears.
    - Select the user name credential that stores the user name and password required to connect to the OpenSSL CA server, and then click Select.
  - SSH Port: The network port used by the Secure Shell (SSH) protocol for secure remote access to servers. The default port is 22.

  Options
  - CA Template (Optional): The OpenSSL CA template that you want to associate with the current CA Template object.
    TIP If you populate the CA Template field, it will be used. If left blank, the system will refer to the configuration file and apply the default CA.
  - CA Config File Path: The location of the configuration file for the Certificate Authority (CA) that defines its settings and operations.
  - CA Certificate Path: The location of the public certificate used by the CA to sign other certificates.
  - CA Private Key Path: The file path where the private key for the CA is stored, used for signing certificates.
  - Private Key Credential (Optional): The passphrase or password used to secure the private key.
  - Temp Directory (Optional): A folder for temporarily storing files during the certificate generation or signing process.
- You have two options for your settings, the default CA or the CA Template:
  - If you choose the default CA, then fill out the required fields (Hostname, Credentials, and SSH Port).
  - If you choose a CA Template, then fill out the fields (Hostname, Credentials, and SSH Port) and enter your CA Template name.
- Once you have completed the settings fields, click Validate.
- Click Save.
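The TIP above says a blank CA Template field falls back to the default CA in the configuration file. The following added example (not Trust Protection Platform code) resolves which CA section, certificate, and private key an OpenSSL configuration file would yield in each case, so the result can be compared with the CA Certificate Path and CA Private Key Path settings. It assumes the CA Template value corresponds to an OpenSSL CA section name, as selected by `openssl ca -name`; the sample file, section names, and paths are constructed.

```python
import re

# Constructed sample openssl.cnf (not from the page); section names and paths are placeholders.
SAMPLE_CNF = """\
[ ca ]
default_ca = CA_default          # used when no CA name is given

[ CA_default ]
dir         = /etc/pki/CA
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem

[ CA_issuing ]
dir         = /etc/pki/issuing
certificate = ${dir}/issuing.pem
private_key = ${dir}/private/issuing.key
"""

def parse_cnf(text):
    """Parse sections and key = value pairs, expanding $var / ${var} within a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = re.sub(r"\$\{?(\w+)\}?",
                                  lambda v, s=current: s.get(v.group(1), v.group(0)), value)
    return sections

def resolve_ca(text, ca_template=""):
    """Return (section, certificate, private_key) for the named CA or the default_ca."""
    sections = parse_cnf(text)
    name = ca_template or sections.get("ca", {}).get("default_ca")
    if not name:
        raise ValueError("CA Template is blank and the file has no [ ca ] default_ca")
    if name not in sections:
        raise ValueError(f"CA section {name!r} not found in configuration file")
    sec = sections[name]
    return name, sec.get("certificate"), sec.get("private_key")

if __name__ == "__main__":
    print(resolve_ca(SAMPLE_CNF))                # blank CA Template: default CA
    print(resolve_ca(SAMPLE_CNF, "CA_issuing"))  # populated CA Template
```

The parser handles only same-section variable expansion; `ENV::` and `section::name` references are left unexpanded.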
What's next?
After you create a CA object, you can select it from the Policy tree, and then view important information and manage various settings.
- Click the General tab to view and modify log and permissions settings.
- Click the Log sub-tab to view any logged events that are triggered by the template object.
  IMPORTANT You must have the Read permission to view the Log tab.
  For more information about options found on the Log tab, see Viewing log events.
- On the Permissions sub-tab, you can configure the users or groups to whom you want to grant permissions to the new template object.
  Consider managing object permissions via parent objects so that you can take advantage of inheritance. For more information, see Permission inheritance and flow down.