Creating certificate objects on TPP


(SPE2501) (SPE2504)

You can use the BMC AMI Enterprise Connector for Venafi UI to create certificate objects on Venafi Trust Protection Platform (TPP).

Before you can use this feature, you must define a user ID that can configure certificate objects. For more information, see Setting ESM profiles.

Depending on where you access this feature, you can create one of the following certificate types:

  • A wholly new certificate
  • A certificate based on an existing certificate

A wholly new TPP certificate has the TPP Certificate Folder, TPP Device Folder, and TPP Device Object fields already populated. This information comes from the TPPServer statement in the EC for Venafi gateway configuration member ECVGPARM.

A new certificate that is based on an existing certificate can have additional information populated in the Create new object in TPP window, for example, the certificate label, certificate owner, and common name.

To create a certificate

  1. From the EC for Venafi UI, choose the type of certificate you want to create by selecting one of the following options from the main menu:
    • New certificate—Select Create New Certificate > Create Certificate on TPP.
    • Based on existing certificate—Select Certificates > Show Certificates, and then next to the certificate that you want to use as a basis, click Select > Create Certificate on TPP.

The Create new certificate window is displayed.

  2. Configure the certificate as required.

    Parameter               Description
    TPP Certificate Folder  Location where you want to store the certificate
    TPP Certificate Object  Name of the TPP certificate object associated with the certificate
    TPP Device Folder       Location of the physical host on which the certificate will be installed
    TPP Device Object       Name of the TPP device object associated with the certificate
    Certificate Label       Unique identifier representing the certificate
    Certificate Owner       Individual or entity responsible for managing the certificate
    CN                      Common name or host name for which the certificate is issued
    O                       Organization for which the certificate is issued
    OU                      Organizational unit for which the certificate is issued
    L                       Locality for which the certificate is issued
    S                       State for which the certificate is issued
    C                       Country for which the certificate is issued
    Site certificate        Whether the certificate is a site certificate
    ICSF certificate        Whether the certificate is stored in ICSF
    Key algorithm           Algorithm used for encryption. EC for Venafi supports both
                            Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) keys.
    Post Implement Script   Script that can perform site-specific tasks after the successful creation of a certificate
    Select LPAR             Target LPAR on which the certificate will be installed. The Response box
                            shows whether the LPAR you select is active.

  3. Click Submit.
    The Response box shows whether the certificate was created successfully.
