Skip to main content

Create and manage automation profiles

An automation profile is a template for TLS certificate deployment. A profile defines certificate properties such as product type and validity so certificates remain consistent across your environment. When you schedule an automation event, you select a profile. The ACME agent or sensor then requests and installs a certificate with the predefined settings.

You can define multiple profiles and select the appropriate one for each automation event.

Create an automation profile

  1. In the CertCentral main menu, go to Automation > Manage profiles.

  2. Select Add new profile.

  3. Select the profile type:

    • Create agent profile: For ACME agent-based automations on standard hosts.

    • Create sensor profile: For sensor-based automations on network appliances.

  4. Configure the certificate properties:

    참고

    Auto-renew can automatically renew the certificate and associated multi-year plan before expiration. For more information, see Multi-year Plans. This setting applies to Enterprise and Partner accounts only. Subscription accounts use a different renewal model.

    • Product type and validation level

    • Certificate validity period

    • Signature hash algorithm

    • Auto-renew settings

  5. Select Save.

Set a default automation profile

ACME agent-based and sensor-based automations each have a separate default profile. A Default tag next to the profile name identifies the profile selected by default when you configure a new automation request.

The first ACME agent profile and the first sensor profile you create automatically become the default profiles for their respective automation types.

To set a different default profile:

  1. In the CertCentral main menu, go to Automation > Manage profiles.

  2. Select the profile name you want to set as the default.

  3. Select Make this the default automation profile.

  4. Select Save.

Edit an existing automation profile

Change certificate settings in the automation profile to align with your organization's certificate requirements:

Notice

The automation profile type cannot be changed after profile creation. Profile types include ACME agent and sensor. Create a new profile when the wrong profile type is selected.

  1. In the CertCentral main menu, go to Automation > Manage profiles.

  2. Select the profile name you want to edit.

  3. Update the certificate settings as required.

  4. Select Save.

Changes apply to all future automation events using this profile.

To apply changes to already-scheduled automation events, select Update these preferences in scheduled automation events that use this profile.

Resolve a disabled or incomplete profile with Action needed status

When an administrator makes a certificate policy change that conflicts with a profile setting, CertCentral disables the profile and tags it as Action needed.

For example, an automation profile named "Renew Secure Site SSL" defines Secure Site SSL as its product type. When an admin disables Secure Site SSL as an available product type in your account, the Renew Secure Site SSL profile becomes unusable. Automation requests that use the profile fail.

Use these methods to identify automation profile problems:

  • View alerts in the Automated IPs inventory. Go to Automation > Automated IPs and review alerts under Automation issues > Action required > Automation status: Profile action needed.

  • Go to Automation > Manage profiles and review profiles with a status of Action needed.

  1. In the CertCentral main menu, go to Automation > Manage profiles.

  2. Filter for profiles with Status: Action needed.

  3. Select the profile name.

  4. Review the messages at the top of the profile page to identify incomplete or conflicting settings.

  5. Update all required settings.

  6. Select Save.

What's next

Schedule automation events to begin automating certificate lifecycle events for configured clients

이 섹션의 내용: