Create a Common KeyStore Machine
Creating a new machine enables Next-Gen Trust Security to connect directly to application keystores for certificate management. After creating the machine, you can provision certificates to it.
Important: This topic continues the steps started in Create a new machine. Complete that procedure before continuing.
Before You Begin
SSH Protocol
- IP address or hostname
- Port
- Credentials with permission to create, read, and write to the keystore destination
- (Optional) Permission to restart services on the target system
Windows Remote Management (WinRM)
- IP address or hostname
- WinRM port
- (Kerberos only) Domain name
- (Kerberos only) Key Distribution Center address or hostname
- (Kerberos only) Service Principal Name
- Credentials with permission to create, read, and write to the keystore destination
Supported Platforms
- Windows Server 2019 and 2022
- Ubuntu 18.04 LTS or later
- Red Hat Enterprise Linux 7.9
- Oracle Linux 8 or later
If you have completed the steps in Create a new machine, continue below to configure the Common KeyStore–specific settings.
- From Protocol, select SSH or Windows Remote Management.
  Tip: Select the section that matches the protocol you are using.
SSH
- From Authentication Type, select Password or Private key.
- Enter the IP Address/Hostname and Port.
- From Credential Type, select Enter Credentials or Select Credentials.
  Note: Available credential options depend on your environment configuration.
- Enter the required credentials.
  Warning: Remember to store your username and password securely when creating a new machine. For security reasons, you will not be able to modify the fields under the "Access" tab without these credentials. This ensures that only authorized individuals can modify these fields.
- (Optional) To restart a service after certificate deployment, enter a value in Service Name.
  If no service name is provided, the certificate is deployed without triggering a restart.
- Click Test Access, then click Continue.
Linux Service Restart Support
The Service Name option is supported only on Linux systems using systemd.
- The service name must match a systemd-managed service.
- The restart command executed is sudo systemctl restart <service-name>.
Restart behavior does not apply to WinRM-based connections.
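Before creating the machine, it helps to confirm on the Linux target that the restart step can actually succeed. The following pre-flight script is an added example, not part of the product documentation; it assumes the restart must complete without a sudo password prompt, and the sudoers rule and systemctl path it prints are assumed examples to adapt.

```shell
#!/bin/sh
# Added pre-flight check, not part of the product documentation. Run it on the
# Linux target as the account the machine will authenticate with, before you
# click Test Access. It verifies what the restart step depends on:
#   1. the Service Name is a well-formed systemd unit name,
#   2. systemd on this host manages a unit by that name,
#   3. the account may run exactly "sudo systemctl restart <name>" without
#      stopping at a sudo password prompt (assumed requirement: the product
#      runs the command non-interactively over SSH).

# Pure check, no host access: unit names use [A-Za-z0-9:_.@-]; accept a bare
# name (.service is implied) or an explicit .service suffix.
valid_unit_name() {
    case $1 in
        '' | -* | .* ) return 1 ;;                  # empty or leading - / .
        *[!A-Za-z0-9:_.@-]* ) return 1 ;;           # spaces, ';', '/', etc.
        *.service ) [ -n "${1%.service}" ] ;;
        *.socket | *.timer | *.target | *.mount | *.path | *.slice ) return 1 ;;
        * ) return 0 ;;
    esac
}

# Host check: "systemctl cat" needs no privileges and fails for unknown units.
unit_exists() {
    systemctl cat -- "${1%.service}.service" >/dev/null 2>&1
}

# Host check: "sudo -n" never prompts; "-l <cmd>" asks the policy whether this
# exact command is permitted, without executing it.
can_restart_without_password() {
    sudo -n -l systemctl restart "$1" >/dev/null 2>&1
}
# Least-privilege sudoers rule that satisfies the check above (assumed example:
# adjust user and systemctl path). Spell the unit exactly as in the Service
# Name field, because sudoers matches command arguments literally.
# Install with: visudo -f /etc/sudoers.d/keystore-deploy
sudoers_line() {
    printf '%s ALL=(root) NOPASSWD: /usr/bin/systemctl restart %s\n' "$1" "$2"
}
preflight() {
    valid_unit_name "$1" || { echo "invalid service name: $1"; return 1; }
    unit_exists "$1" || { echo "no systemd unit named $1 on this host"; return 1; }
    can_restart_without_password "$1" || {
        echo "sudo would prompt or deny; a rule such as the following is needed:"
        sudoers_line "$(id -un)" "$1"; return 1; }
    echo "ok: $1 can be restarted by $(id -un) without a prompt"
}
# Usage: sh keystore-preflight.sh nginx   (runs only when an argument is given)
if [ $# -gt 0 ]; then preflight "$1"; fi
```

A failing third check is the usual cause of a deployment that succeeds but never restarts the service; granting only the single restart command keeps the deployment account from becoming a general root path.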
Windows Remote Management
Select an authentication method, then follow the applicable steps.
Basic Authentication
- Enter the IP Address/Hostname and Port.
- Enable Use TLS for WinRM to secure credentials in transit.
  Warning: Disabling TLS sends credentials in plaintext.
- From Credential Type, select Enter Credentials or Select Credentials.
- Enter the required credentials.
  Warning: Remember to store your username and password securely when creating a new machine. For security reasons, you will not be able to modify the fields under the "Access" tab without these credentials. This ensures that only authorized individuals can modify these fields.
- Click Test Access, then click Create.
Kerberos Authentication
- Enter the IP Address/Hostname and WinRM Port.
- (Optional) Enable Use TLS for WinRM.
- Enter the Domain Name, Key Distribution Center, and Service Principal Name.
- From Credential Type, select Enter Credentials or Select Credentials.
- Enter the required credentials.
  Warning: Remember to store your username and password securely when creating a new machine. For security reasons, you will not be able to modify the fields under the "Access" tab without these credentials. This ensures that only authorized individuals can modify these fields.
- Click Test Access, then click Create.
What's Next
- Complete discovery and provisioning scheduling. See Create a new machine.