Creating placement rules
When you set up placement rules, Trust Protection Platform automatically follows those rules, in order, from top to bottom, to place keys, certificates, and their corresponding devices into folders.
IMPORTANT If network discovery finds a new version of a certificate that is already in the database, it combines the certificates, putting the older certificate in the certificate history of the newer certificate. For more information, see About placement of duplicate certificates.
To create one or more placement rules
- From the TLS Protect menu bar, click Configuration > Placement Rules.
- Click + Create New Rule.
- In the New Placement Rule window, do the following:
  - In the Rule Name field, type a name for your new placement rule.
  - Select the rule type.
  - Complete all required conditions, including deleting or adding conditions as needed, using and .
Placement Rule conditions

| Condition | Explanation | Example |
|---|---|---|
| Matches | Performs a literal string match between the key or certificate property and the value specified. | If Subject Alt Name is server.example.com, the condition Subject Alt Name Matches server.example.com will match. |
| Matches Regex | Matches key or certificate property values that match the regular expression pattern specified. | If Subject Alt Name is Server.Example.COM, the condition Subject Alt Name Matches Regex (?i)server.example.com will match. |
| Starts With | Matches key or certificate property values that start with the value specified. | If Subject Alt Name is server.example.com, the condition Subject Alt Name Starts With server will match. |
| Ends With | Matches key or certificate property values that end with the value specified. | If Subject Alt Name is server.example.com, the condition Subject Alt Name Ends With .com will match. |
| Contains | Matches key or certificate property values that contain the value specified. | If Subject Alt Name is server.example.com, the condition Subject Alt Name Contains example will match. |
| In | Matches numeric or IP address key or certificate property values that are within the specified range. NOTE Use CIDR notation to specify IP address ranges, or use comma separated values to show multiple IP addresses. | Example 1: If Port is 443, the condition Port in 0-1024 will match. Example 2: If IP address is 10.1.0.1, the condition IP Address in '10.1.0.0/24' will match, as will IP Address in '10.1.0.0,10.1.0.1,10.1.0.2' |
  - Select the policy folder into which you want to place keys or certificates that meet the conditions.
    This is a required field for SSH keys, and an optional field for certificates.
  - (Optional) Select the policy folder into which you want to place the certificates' corresponding device.
    NOTE For certificates, you must select a policy folder for either the certificate, or the device (or both). You cannot leave both fields blank.
  - Select the folder into which you want to put the placement rule.
    NOTE You must have the correct permissions in order to see the folder. See Permissions overview.
    IMPORTANT If the folder does not exist when the placement rule is run, the folder will be created and the certificates and devices will be placed in that new folder. This could happen, for example, if you renamed a policy in the Policy Tree, and the corresponding folder no longer existed in the main interface.
- Add new rules as needed, clicking + Create New Rule and Save for each one.
When you're done creating rules, your placement rules should look similar to this:
DID YOU KNOW? You can reorder existing rules by clicking and dragging them up and down the list. Trust Protection Platform executes the rules in the list beginning at the top and moving down. For more information, see Editing the order in which placement rules are executed.
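
One way to dry-run the condition types and top-to-bottom ordering described above before saving a rule, as an added example that is not Trust Protection Platform code. It assumes conditions within a rule are ANDed, the first matching rule wins, and Matches Regex is an unanchored search; the rules and folder names are constructed.

```python
import ipaddress
import re

def in_match(value, spec):
    """'In': numeric range 'lo-hi', a CIDR block, or comma-separated IPs."""
    spec = spec.strip("'")
    if re.fullmatch(r"\d+-\d+", spec):
        lo, hi = map(int, spec.split("-"))
        return lo <= int(value) <= hi
    addr = ipaddress.ip_address(value)
    return any(addr in ipaddress.ip_network(part.strip(), strict=False)
               for part in spec.split(","))

OPS = {
    "Matches": lambda v, s: v == s,
    # Assumption: unanchored search, so an unescaped '.' matches any character
    "Matches Regex": lambda v, s: re.search(s, v) is not None,
    "Starts With": lambda v, s: v.startswith(s),
    "Ends With": lambda v, s: v.endswith(s),
    "Contains": lambda v, s: s in v,
    "In": in_match,
}

def place(item, rules):
    """Walk rules top to bottom and return the folder of the first rule whose
    conditions all match (AND and first-match-wins are assumptions)."""
    for rule in rules:
        if all(OPS[op](str(item[prop]), spec)
               for prop, op, spec in rule["conditions"]):
            return rule["folder"]
    return None  # no rule matched

# Constructed rules; folder names are placeholders, not real policy paths
RULES = [
    {"folder": "Policy/Web", "conditions": [
        ("Subject Alt Name", "Matches Regex", r"(?i)^server\.example\.com$"),
        ("Port", "In", "0-1024")]},
    {"folder": "Policy/Lab", "conditions": [
        ("IP Address", "In", "'10.1.0.0/24'")]},
    {"folder": "Policy/Unsorted", "conditions": [
        ("Subject Alt Name", "Ends With", ".com")]},
]

if __name__ == "__main__":
    cert = {"Subject Alt Name": "Server.Example.COM", "Port": 443,
            "IP Address": "10.1.0.1"}
    print(place(cert, RULES))
```

Under these assumptions, a pattern with unescaped dots and no anchors, such as (?i)server.example.com, also matches a value like serverXexample.com, so escape the dots and anchor the pattern when a rule should place only one exact name.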