If you need to install certificates on a large number of clients quickly, use Dynamic Provisioning. This feature is particularly helpful in automation when, for example, you're working with multiple virtual machines (VMs) or containers and need to rapidly deploy certificates to them.
Unlike other provisioning methods, with Dynamic Provisioning, you don't have to first create device, application, or certificate objects, either. Dynamic Provisioning takes care of that for you.
Dynamic Provisioning lets you quickly provision customized certificates to many endpoints in a single step, from agent registration to certificate issuance. By setting up a CA template, configuring Dynamic Provisioning work, and then assigning it to a group in Aperture, Trust Protection Platform can then manage the entire process automatically, from requesting and enrolling certificates, and then installing them on the clients where Server Agents are running.
Keep the following in mind before you begin using Dynamic Provisioning:
- Certificates are installed only if they don't exist already, or if existing certificates have different content.
- Applications that use certificates must be restarted if they don't detect certificate changes automatically.
Dynamic Provisioning supports the CAPI and PEM keystore types
For more information about keystore types supported by the Server Agent, see Server Agent-supported keystores.
Before you begin, review the topic, Before you configure agent-based certificate installation (provisioning) work.