Install a new certificate on an unsecured IP/port
Follow these steps to enroll and install a new certificate onto an unsecured IP/port endpoint on one of your web servers, network appliances, or cloud services.
Before you begin
To deploy the certificate to a web server, you need an active DigiCert agent running on that server and a certificate automation profile with the
DigiCert agent
enrollment method.To deploy the certificate to a network appliance or cloud service, you need an active connector for that system and a certificate automation profile with the
DigiCert sensor
enrollment method.
Submit the certificate automation request
To request certificate issuance and installation on an unsecured IP/port target on one of your systems:
From the Trust Lifecycle Manager main menu, select Inventory.
Use the View inventory functions to display the unsecured IP/port endpoint where you want to install the certificate. You can use the Unsecured system view, or one of your saved custom views.
Hover the Common name column for the endpoint where you want to install the certificate, open the actions (three dots) menu on the right, and select Request certificate.
Important
The IP/port target you select must have an automation status of Configured. If not, check the configuration of the associated DigiCert agent (for web servers) or connector (for network appliances and cloud services).
Fill out the Automation request form:
Choose profile: Select one of the available certificate automation profiles for the type of certificate you want to issue.
Certificate information: Add the common name and any additional order options for the certificate.
Warning
For agent-based automation on Apache, Nginx, or Tomcat web servers, the common name must match an existing site in the web server configuration otherwise the certificate will get issued but the install will fail.
Schedule certificate automation: Select whether to run the lifecycle management action now or schedule it for a later date and time.
Auto-renew: (Optional) Select any auto-renewal options for the certificate. These options will apply to this certificate only and override any auto-renew options configured in the certificate profile.
Scripts: (Optional, for web servers only) Select from available pre- or post-installation scripts to run on a one-time basis for this automation event. These override any similar scripts in the agent configuration. To learn more, see Agent scripts.
Tags: (Optional) Apply one or more tags to the issued certificate to help identify it in Trust Lifecycle Manager for management and tracking purposes.
Select the checkbox at bottom to acknowledge acceptance of the Certificate Services Agreement.
Select Submit to finalize the certificate automation request.
What's next
Trust Lifecycle Manager runs the certificate lifecycle automation job now or at the time you schedule in each request. You can check status of automation requests at any time from the Inventory view.