Skip to main content

Automation profiles

An automation profile is a template for TLS/SSL certificate deployment. A profile defines certificate properties, such as product type and validity, so you can maintain TLS/SSL uniformity across your environment.

When you schedule an automation event, you choose a profile. The ACME agent or sensor then requests and installs a certificate with those predetermined settings. You can define multiple profiles and choose the right one depending on the situation.

Create an automation profile

Before you begin

  • Identify common properties of certificates in your environment:

    • The host device as a dedicated endpoint or a load balancer

    • Certificate type

    • Validity period

    • Coverage length (applicable only for accounts with multi-year plans)

    • The division that manages or owns the device and its certificate

    • The organization most commonly associated with the device and its certificate

  • Do you want this set of certificate properties to be the default profile? If you make it the default, you and other requesters can still choose a different profile, as needed, when scheduling automation.

  • Do you want the associated certificate and Multi-year Plan to be automatically renewed? If yes, the auto-renew feature ensures your certificate and Multi-Year Plan are automatically renewed before expiring to maintain uninterrupted service. For more information about these plans, see Multi-year Plans.

Steps

  1. In your CertCentral account, in the left main menu, go to Automation > Manage profiles.

  2. On the Manage automation profiles page, select Add new profile.

  3. On the Create an automation profile page, select the profile type to create:

    • Create agent profile to create a profile for ACME agent-based automations on standard hosts.

    • Create sensor profile to create a profile for sensor-based automations on network appliances.

  4. Specify the certificate properties you identified above.

  5. Select Save.

Manage default automation profiles

There are separate default profiles for ACME agent-based and sensor-based automations. A Default tag next to the profile name indicates that profile is the default choice when configuring a new automation request.

The first ACME agent and sensor automation profiles you create are each set as their automation type's default profile.

To set a different default automation profile:

  1. In your CertCentral account, in the left main menu, go to Automation > Manage profiles.

  2. On the Manage automation profiles page, find and select the name of the profile you want to set as your default.

  3. Select Make this the default automation profile.

  4. Select Save.

Edit an automation profile

Change certificate settings in an automation profile to align with your common or required certificate practices:

  1. In your CertCentral account, in the left main menu, go to Automation > Manage profiles.

  2. On the Manage automation profiles page, find and select the name of the profile you want to edit.

  3. Make your changes and select Save.

Notice

The automation profile type, ACME agent or sensor, cannot be changed.

Fix an incomplete automation profile

If an administrator makes a certificate policy change in CertCentral that restricts or prohibits a current setting in an automation profile, that profile is disabled and tagged as "Action needed".

For example, imagine an automation profile named "Renew Secure Site SSL" that defines Secure Site SSL as its product type. If an admin disables Secure Site SSL as an available product type in your account, the Renew Secure Site SSL profile will be in an unusable state and any automation request that uses that profile will fail.

How do I know if there's a profile problem?

To be informed of an automation profile problem:

  • View alerts on the Automated IPs inventory. Go to Automation > Automated IPs and view the alerts for Automation issues > Action required > Automation status: Profile action needed.

  • Go to Automation > Manage profiles and check for Status: Action needed.

Steps

  1. In your CertCentral account, in the left main menu, go to Automation > Manage profiles.

  2. On the Manage automation profiles page, browse or filter for profiles with Status: Action needed.

  3. Select the name of the profile that needs to be fixed.

  4. Check the messages at the top of the profile page to know what settings are incomplete.

  5. Check and update all required settings.

  6. Select Save.

What's next?

With your automation profiles in order and your automation clients (ACME agents and/or sensors) in place, you are ready to start scheduling certificate automation events: