Verify and finalize sensor configuration
After your local sensor system has been configured to add network appliances for automation, go to CertCentral Automation > Manage automation to verify and finalize the configuration.
The Manage automation view lists all network appliances that are currently set up for automation. From here you can verify and configure:
Automation settings for network appliances
Check the Status column to verify that each network appliance is configured for automation or select it in the Name column to view/update its automation settings.
Sensor software management settings
Select the sensor in the Managed by column to configure management settings for the sensor software itself.
Automation settings for network appliances
The Manage automation view lists all active network appliances. By default, they are named by:
Management IP address: for A10, Citrix, or F5 load balancers (for example,
10.100.98.5
)Account ID_region: for AWS load balancers (for example,
832981108861_us-east
)
To verify that a particular network appliance is configured for sensor-based automation, find the listing for it and check that the Status column shows Configured
.
Selecting the network appliance in the Name column opens the automation configuration panel on the right. From here you can:
Change the name assigned to the network appliance.
Change the private key security type for the network appliance.
Configure use case specific options (see below).
Verify the network appliance type, FQDN, management IP, and partitions.
Verify the name and software version of the sensor managing the appliance.
Use case specific options:
F5 BIG-IP load balancers:
Select Private key security type in the configuration panel to specify the storage of your private keys:
Normal: Store the private key in the F5 BIG-IP load balancer itself.
FIPS: Store the private key in the Federal Information Processing Standards (FIPS) enabled module of the F5 BIG-IP load balancer.
NetHSM: Store the private key in the Hardware Security Module (HSM) device connected to the F5 BIG-IP load balancer.
For high-availability configurations, specify which host is updated first (Active-Standby or Standby-Active).
DV certificate installations:
Select DNS integration or provider for the validation of the DNS challenge to prove the ownership of the domains. The list includes all the integrations added to the sensor.
Note: DNS integrations or providers in the list marked Critical had issues in the past while setting the DNS challenge. They may fail again. We recommend you select another integration or provider for successful validation.
To learn more: Create a DNS integration to automate DV certificates on load balancers.
Note
Select Save to apply any changes made in the automation configuration panel.
Sensor software management settings
Selecting the sensor in the Managed by column opens the sensor software management view. From here you can:
Use the split action button at top to Suspend (pause) or Void (disable) this sensor, or Upload sensor log data.
Update the custom name assigned to this sensor.
Update the email address for notifications related to this sensor.
View the sensor software version and license key.
View the sensor system's IP addresses.
Select whether the sensor software will get updated automatically (default) or will prompt you before updating.
Under Advanced settings you can:
Set the heartbeat communication interval used by this sensor to sync with CertCentral.
Set the local communications port for agents that use this sensor as a proxy.
Enable sensor debug logging.
Note
Sensor settings can also be managed by first selecting the Manage sensors button and then selecting the relevant sensor in the Sensor name column.
What's next?
When your sensor is installed, activated, and configured, you can start using it to automate certificate management on your network appliances.
To learn more: Next steps.