Skip to main content

Provision trust stores on your servers

You can use trust stores management in DigiCert​​®​​ Trust Lifecycle Manager to provision CA certificates to trust stores on your servers through DigiCert agents. This workflow allows you to select private and public CA certificates in your Trust Lifecycle Manager inventory, choose target agents or agent groups, and define how the selected CA certificates are provisioned to trust stores on each server.

You can configure delivery settings using a default trust store configuration for consistency or customize settings per agent as needed. After reviewing your selections, you can submit the provisioning request to update trust stores across selected agents, ensuring certificates are deployed in a controlled and consistent manner.

To provision CA certificates to agents and configure trust store deployment, perform the following steps:

Step 1: Select your CA certificates

Start by selecting the CA certificates you want to include in the provisioning request.

  1. In the Trust Lifecycle Manager menu, go to Inventory > Trust stores > Provision trust​.

  2. On the Provision CA certificates page, enter a Provisioning request name.

  3. In the Select CA certificates section, select the checkbox for the required certificates from the available list.

  4. (Optional) Use the search or the filter options available in the column headers to locate the required certificates in the table, and then select their checkboxes.

  5. Select Next.

Step 2: Select agents

Select the agents or agent groups to which you want to provision the CA certificates.

Anmerkung

If no agents are available, select Configure agents to add or manage agents before continuing with provisioning. Selecting Configure agents redirects you to the Discovery & automation tools > Agents page. After configuring agents, return to the provisioning flow to continue. To learn more, see Configure agents.

  1. On the Provision CA certificates page, choose one of the following options:

    • Individual agents:

      1. Select the checkbox for each agent to which you want to provision certificates.

      2. (Optional) Use the search or the filter options available in the column headers to locate the required agents in the table, and then select their checkboxes.

    • Agent group:

      1. On the Provision CA certificates page, configure the delivery settings. Select Agent group.

      2. From the Select agent group dropdown, choose the required agent group. The selected agents and their operating systems (OS) details are displayed.

  2. Select Next.

Step 3: Configure the delivery options

Configure the delivery options for the selected CA certificates on the target agents.

  • On the Provision CA certificates page, Choose one of the following options to configure the delivery settings:

    • Use default configuration: Select this option to apply the same trust store settings across all selected agents.

      1. Enable Use default configuration option.

      2. Select the operating system. The supported operating systems are Linux and Windows.

      3. For the default configuration, configure the following Trust store settings in the Trust store path section:

        • Format: Select the trust store format. The supported formats are JKS for Linux and CAPI for Windows.

        • Trust store location: Enter the file path or select a system store location.

        • Trust store password (optional): Enter a password if required.

      4. Add trust store path: Select this button to configure additional paths for agent. This option allows the selected CA certificates to be provisioned to multiple trust stores on the server.

      5. Select Apply defaults to apply the configuration to all selected agents.

    • For configuring trust store settings for individual agents, locate the agent and expand the agent section. Configure the following settings in the Trust store path section:

      • Format: Select the trust store format.

      • Trust store location: Enter the file path or select a system store location.

      • Trust store password (optional): Enter a password if required.

      • Add trust store path: Select this button to configure additional paths for the agent.

      • Select Next.

Step 4: Review and submit the provisioning request

Review the configuration details before submitting the request.

  1. On the Provision CA certificates page, review the provisioning details, including:

    • Provisioning request name

    • Certificate authority (CA) certificates

    • Agents and delivery options

  2. (Optional) Select Back to modify any previous step.

  3. Select Provision to submit the request.

What's next

  • After provisioning, you can view and manage the deployed trust stores from the Inventory > Trust stores > Endpoints page. To learn more, see Manage endpoints for trust stores.

  • You can view all trust store provisioning requests across your environment from the Inventory > Trust stores > Provisioning history​ page. To learn more, see Provisioning history.

In diesem Abschnitt: