Skip to main content

Connect to a network appliance or cloud service

Connect DigiCert​​®​​ Trust Lifecycle Manager to your dedicated network appliances or cloud applications to discover and automate certificate deployments.

Before you begin

You need an active DigiCert sensor to help manage the installed certificates on your external network systems. To learn more, see Deploy and manage sensors.

Add the connector

  1. From the Trust Lifecycle Manager main menu, select Integrations > Connectors.

  2. Select the Add connector button.

  3. Select the applicable system type from the Appliances or Cloud services section.

  4. Enter a friendly Name for this connector.

  5. Select a Business unit for this connector. Only users assigned to this business unit can manage the connector.

  6. For the Managing sensor, select an active DigiCert sensor to use to manage this connector.

  7. Fill in the requested system details. These vary by network appliance or service type.

    Network appliance/service

    Required information

    Notes

    A10

    • Management IP

    • Management port

    • Username

    • Password

    The provided credentials must be for an account with full administrator access.

    Citrix ADC

    • Management IP

    • Management port

    • Web protocol

    • Web username

    • Web Password

    • SSH username

    • SSH password

    • SSH port

    The provided credentials must be for an account with full administrator access.

    F5 BIG-IP LTM

    • Management IP

    • Management port

    • Username

    • Password

    The provided credentials must be for an account with full administrator access. In the F5 account properties, the Terminal Access field must be set to "Advanced shell".

    When adding the connector, use the Additional settings section to configure options for how to store files on the F5 appliance.

    AWS ELB (Application/Network)

    • Account ID

    • AWS region

    • Authentication method

    The linked AWS account must include managed policies AWSCertificateManagerFullAccess and ElasticLoadBalancingFullAccess or equivalent permissions.

    See descriptions of available authentication methods below.

    AWS CloudFront

    • Account ID

    • Authentication method

    The linked AWS account must include managed policy AWSCertificateManagerFullAccess or equivalent permissions.

    See descriptions of available authentication methods below.

    AWS unified

    • AWS scope

    • Account ID

    • Role or AWS region

    • Authentication method

    Use an AWS unified connector to import and deliver certificates to AWS Certificate Manager (ACM) in one or more AWS accounts.

    • AWS scope: Select whether to link to an AWS organization (and all its member accounts) or a specific AWS account.

    • Account ID: Enter the account ID for the management account (organization scope) or an IAM user (account scope). See Minimum required permissions for AWS unified connectors.

    • Role or AWS region: Enter the name of a common IAM role with access to the AWS resources to manage (organization scope) or the AWS region to connect to (account scope).

    • Authentication method: See descriptions below.

  8. For AWS cloud connectors, select an authentication method to provide your login credentials.

    Authentication method

    Parameter

    Required/Optional

    Description

    Default AWS credential provider chain

    Provide login credentials using default AWS credential provider chain.

    Self-authentication

    • Access key

    • Secret key

    Required

    Supply the credentials yourself.

    AWS profile name

    • AWS profile name

    Optional

    Use an AWS profile name as your login credentials.

    Alternatively, you can also use the AWS account ID to authenticate the login.

    Aviso

    The AWS account you connect with must have the below permissions at minimum.

    • For AWS ELB (Application/Network) load balancers: ElasticLoadBalancingFullAccess and AWSCertificateManagerFullAccess

    • For AWS CloudFront: CloudFrontFullAccess, AWSCertificateManagerFullAccess, and IAMReadOnlyAccess

  9. Select Add to complete the link to the network appliance or cloud service.

What's next

  • Trust Lifecycle Manager looks for existing certificates on the network appliances and cloud services you connect to. The number of certificates it finds will appear on the Integrations > Connectors page in the Automation targets column.

    Select a connector by name to view the details for it, then select the links in the Assets found on this connector section to load and manage the discovered assets for that connector on the Inventory page.

  • Set up certificate lifecycle automation to automate management of certificates on the connected network appliances and cloud services.

  • If you have an AWS unified connector, you can use the Admin web request function to enroll new certificates with automated delivery to AWS Certificate Manager (ACM) in the linked AWS accounts.

Nesta secção: