Managing Certificate Groups

Prerequisites

Before configuring and managing the certificate groups, you must know that:
  • Certificate Groups are used to categorize the certificates according to various business units.
  • In some organizations, Certificate Groups are also used to assign access permissions. Only privileged users (inherited from Resource > User Group) can view the respective Certificate Groups.
  • Users should be assigned to a Role (inherited from Role > User Group) that has permission to perform the following actions:
    • View a group
    • Assign a group
    • Unassign a group
  • With these actions, users can assign a group during Certificate Discovery to avoid movement of certificates post-discovery.
  • Along with the view, assign, and unassign options, administrators should be assigned to a role that has access to the following additional actions:
    • Create/modify a group
    • Delete a group
    • Edit default group

Creating a Certificate Group

To create a certificate group:

  1. Go to (Menu) icon > CERT+.
    The CERT+ left navigation pane appears.
  2. Click Groups from Groups & Policies on the LHS pane.
  3. Click + Create.

    The Create Group page is displayed.

  4. In the Group Details section, enter the following details:
    Table 1. Field Description for Group Details section
    Field | Description
    *Select Group Hierarchy | From the list of group hierarchies, select the parent group of the new group.
    *Group Name | Enter a unique name.
    Application ID | Enter an ID specific to your organization.
    Description | Enter detailed information about the group, stating its purpose.
    Note: Fields marked with a red asterisk (*) are mandatory.
  5. In the Other Details section, provide the following details about the certificate group:
    Table 2. Field Description for Other Details section
    Field | Description
    Contact Name | Enter the name of the person to be contacted in case of any changes.
    Line of Business Name | Enter the name of the business unit.
    Email | Enter the email address of the contact person.
    Environment Name | Enter the name of the environment.
    Phone Number | Enter the phone number of the contact person.
    Inventory Number | Enter the number related to the inventory.
    Cost Center/ Hierarchy | Enter the cost center code/label.
    Push Certificate Automatically | To associate the certificate automatically with its device, select the Push Certificate Automatically check box.
    Renew Automatically | To enable automatic renewal of the certificates under this group, turn on the Renew Automatically toggle.
      Note: If you enable automatic renewal, two more details have to be entered:
      • Start Renewing: Enter a number between 1 and 90 to denote the number of days before expiry at which the system renews the certificate.
      • Approval required: To require approval, select this check box.
      Warning: If you change the group associated with the certificate, the number of renewal days will be overwritten as per the new group.
    Associated Policy | From the list of CA policies, select the required Associated Policy.
  6. Click Create to add the certificate group to the system.
    Note: You can search for the required group and add the frequently used keywords as favorites. You can also create a certificate group for Server, Client, and Device certificates by clicking the Group icon from the respective tabs under Certificate Inventory.

Modifying a Certificate Group

To modify a certificate group:

  1. Go to (Menu) icon > CERT+.
    The CERT+ left navigation pane appears.
  2. Click Groups from Groups & Policies on the LHS pane.

    The group inventory page appears.

  3. Click the name of the certificate group you want to edit.
  4. On the Modify screen that appears, make the required changes.
  5. Click Update to save your edits.

Deleting a Certificate Group

To delete a certificate group:

  1. Go to (Menu) icon > CERT+.
    The CERT+ left navigation pane appears.
  2. Click Groups from Groups & Policies on the LHS pane.

    The group inventory page appears.

  3. Select the group you want to delete and click Delete.
    A Confirmation popup window appears.
  4. Click Yes.
    The group is deleted from the inventory.

Assigning/Unassigning Certificate Groups

To assign a group to a certificate from within the Inventory module:

  1. Go to (Menu) icon > CERT+.
    The CERT+ left navigation pane appears.
  2. From Certificate Inventory, click the Common Name of the certificate to which you want to assign a group, and then click Assign Group.

    -OR-

    On the certificate list, select the check box beside the certificate that you want to assign a group to. Click Actions and select the Assign Group option from the dropdown.

    The Assign/Unassign Certificates screen appears.

  3. Select the group you want to assign to the certificate.
  4. Click Assign.
    Note: To unassign, follow the same steps and select Unassign Group. You cannot unassign a certificate from the Default group. If you unassign a certificate from the assigned group, it is assigned to the Default group.
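
The Warning about renewal days being overwritten on a group change, and the Default-group fallback on unassign, worked through as an added example (not product code and not a CERT+ API): a small Python model for checking what a planned move does to a certificate's renewal. The group names, dates, the Default group having Renew Automatically off, and the reading that a renewal window in the past counts as already open are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Group:
    name: str
    renew_automatically: bool = False
    start_renewing: int = 30          # days before expiry; the page allows 1 to 90
    approval_required: bool = False
    def __post_init__(self):
        if self.renew_automatically and not 1 <= self.start_renewing <= 90:
            raise ValueError("Start Renewing must be between 1 and 90 days")

def renewal_start(not_after, group):
    """Date the renewal window opens, or None if the group does not auto-renew."""
    if not group.renew_automatically:
        return None
    return not_after - timedelta(days=group.start_renewing)

def reassignment_impact(not_after, old, new, today):
    """Effect on renewal of moving one certificate from group `old` to `new`."""
    before, after = renewal_start(not_after, old), renewal_start(not_after, new)
    if after is None:
        return "unchanged" if before is None else "auto-renewal lost"
    if after <= today and (before is None or before > today):
        suffix = ", approval pending" if new.approval_required else ""
        return "renewal window already open" + suffix
    if before is None:
        return "auto-renewal gained"
    if after == before:
        return "unchanged"
    return "renewal starts later" if after > before else "renewal starts earlier"

def unassign(groups, current):
    """Unassigning moves the certificate to Default; Default cannot be unassigned."""
    if current.name == "Default":
        raise ValueError("cannot unassign a certificate from the Default group")
    return groups["Default"]

# Constructed sample data: group names, settings and dates are illustrative only.
GROUPS = {g.name: g for g in (
    Group("Default"),                                  # assumed: auto-renew off
    Group("Payments-Prod", True, 30, approval_required=True),
    Group("Edge-Devices", True, 90),
)}
EXPIRY, TODAY = date(2025, 9, 30), date(2025, 7, 15)
if __name__ == "__main__":
    for old, new in (("Payments-Prod", "Edge-Devices"), ("Edge-Devices", "Payments-Prod")):
        print(old, "->", new, ":", reassignment_impact(EXPIRY, GROUPS[old], GROUPS[new], TODAY))
```

Running the same check over an exported inventory before a bulk reassignment shows which certificates would start renewing at once and which would lose automatic renewal by falling back to the Default group.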