Provision certificates to machines
Next-Gen Trust Security can provision certificates directly to machine keystores. If you haven’t created the machine yet, start by creating a new machine. Otherwise, follow the steps below.
Before you begin
- The certificate you want to provision must already exist in the Next-Gen Trust Security Certificates inventory and include a private key.
- The machine must already be created in Next-Gen Trust Security. If it isn’t, see Create a new machine.
Note: Only certificates with an associated private key can be provisioned. Certificates must have a status of New or Installed. Provisioning fails for certificates in other states.
Note (How renewals work during scheduled provisioning):
- When a certificate is renewed, Next-Gen Trust Security updates the machine’s Installations list and sets the status to New.
- Running certificate discovery keeps the status as New, ensuring the renewed certificate remains queued for provisioning.
- During the next scheduled provisioning run, Next-Gen Trust Security provisions the renewed certificate to the machine, replacing the previous version.
Choose a machine type
Select the type of machine you want to provision a certificate to, then follow the corresponding instructions.
Batch provisioning
Batch provisioning provisions all certificate installations for a machine in a single operation.
- In the Next-Gen Trust Security toolbar, click Installations, then select Machines.
- Select the machine you want to provision.
- Click Provision Now.
- A message below the machine name shows when provisioning starts. Refresh the page to see completion status.
Note: You can click Abort Provisioning to stop the process before completion. Aborting may take a short time to finalize.
Set up a machine provisioning schedule
- In the Next-Gen Trust Security toolbar, click Installations, then select Machines.
- Select the machine you want to configure.
- Click the Provisioning tab.
- Enable the Machine Provisioning Schedule toggle.
- Under Repeat every, choose Daily, Weekly, or Monthly, then select a time.
- Click Save.
Note: Times are shown in UTC.
Note: Scheduled provisioning works best when used with application auto-renewal. Certificates are provisioned only when a certificate is queued for deployment, allowing renewals to be installed in a controlled time window.