Configuring Device Setting

Linux

The Certificate Details and Vendor Specific Details settings can be configured globally under Device Settings. These configurations will automatically apply to all connectors created and associated with certificates in the inventory. This minimizes redundant configuration tasks when a customer needs to add hundreds of connectors with the same settings.

Configuring a Global Device setting requires specifying certificate paths to include or exclude from Device Certificate Discovery and Config Sync operations. When enabled for Linux servers, these settings are applied to all added Linux servers.

  1. Go to (Menu) > CERT+ > ADMINISTRATION > Device Management.
    By default, the ADC tab opens.
  2. Click the Server tab.
  3. Click the (Device Settings) icon.
  4. Select Linux logo from the Vendors list.
    The Linux Vendor Specific Details configuration screen is displayed.
  5. In the Certificate Details section, select/update the following fields.
    Table 1. Description of fields on the Certificate Details section.
    Fields Description
    *Certificate Directory Enter the actual directory/path where certificates are stored in the Linux server.

    Example: /cert/files
    *Operation Select the value include or exclude from the dropdown field. It indicates that the specified certificate directory will be included/excluded from the certificate scan process.
    Scan Type Select the type of scan. Available options are,
    • Default - System scans for all certificate formats and adds them in the certificate inventory.
    • Aggressive - System scans for all keystore files with non\u0002standard SSL extensions. .
    * (asterisk): Mandatory fields
  6. In the Vendor Specific Details section, select/update the following fields.
    Table 2. Description of fields on the Vendor Specific Details section.
    Fields Description
    Enable Network Scan Enable this field to do a network scan along with Managed device discovery scan for these devices.
    Certificate Ownership & Permission Enable this toggle button to customize certificate ownership and file permissions at the App Connector level.
    Update System TrustStore Enable this to update system trust store for root and intermediate certificates. Once enabled, this setting will be turned on at the device connector to update the trust store during certificate push. This can be disabled at individual level at the connector level, if required.
    *Health Value (%) Acceptable values range between 0-99.

    This threshold defines the minimum server resource health required. If the SAR-derived health value drops below this limit, the device will remain unresolved to prevent further processing. Only numeric values between 0 and 99 are allowed, with a default value of 50%. If the SAR package is unavailable, this health check will be skipped.

    * (asterisk): Mandatory fields
  7. Click Add.
    The certificate location will be listed in the table.
  8. [Optional] Click the (Delete) icon, if you want to delete the certificate details from the list.

AKAMAI CPS

During enrollment using server device as endpoint, Akamai has a long list of details that are mandatorily required for the enrollment request. Adding these fields along with the CSR parameters will make the enrollment form too big with many details to be filled out. Since these are fixed values and only have to be filled once, the other mandatory fields are made available in the global device settings page. The details saved on the global setting page are based on the combination of the fields Validation Type, Secure Network, and Vendor Certificate Type that are available on the enrollment page.
  1. Go to (Menu) > CERT+ > ADMINISTRATION > Device Management.
    By default, the ADC tab opens.
  2. Click the Server tab.
  3. Click the (Device Settings) icon.
  4. Select Akamai logo from the Vendors list.
    The Akamai Vendor Specific Details configuration screen is displayed.
  5. Enter the fields in the respective sections described in the table below.
    Table 3. Description of fields on the Vendor Specific Details page.
    Fields Description
    General Information
    *Validation Type Select a validation type from the dropdown list for the endpoint. The default value is Third-party.
    *Secure Network Select the secure network from the dropdown list for the endpoint. The default value is Standard TLS.
    *Vendor Certificate Type Select a vendor certificate type from the dropdown list for the endpoint. The default value is Third-party.
    Organization Information
    *Name Enter the organization's name.
    *Address Enter the organization's address.
    *Country Enter the organization's country code.
    *City/Municipality Enter the organization's city or municipality.
    *State/Province Enter the organization's state or province.
    *Zip/Postal Code Enter the organization's zip or postal code.
    *Phone Number Enter the organization's phone number.
    Admin Contact Information
    *First name Enter the administrator's first name
    *Last name Enter the administrator's last name
    *Phone number Enter the administrator's phone number
    *Email Enter the administrator's email
    Tech Contact Information
    *First name Enter the technical contact's first name
    *Last name Enter the technical contact's last name
    *Phone number Enter the technical contact's phone number
    *Email Enter the technical contact's email
    * (asterisk): Mandatory fields
  6. Click Update.
    The vendor details are saved successfully.

Microsoft SQL

The Force Encryption and Registry Restart settings can be configured globally under Device Settings. These configurations will automatically apply to all connectors created and associated with certificates in the inventory. This minimizes redundant configuration tasks when a customer needs to add hundreds of connectors with the same settings.
  1. Go to (Menu) > CERT+ > ADMINISTRATION > Device Management.
    By default, the ADC tab opens.
  2. Click the Server tab.
  3. Click the (Device Settings) icon.
  4. Select Microsoft SQL logo from the Vendors list.
    The Microsoft SQL Vendor Specific Details configuration screen is displayed.
  5. Enable the radio button if required.
    Table 4. Description of fields on the Vendor Specific Details page.
    Fields Description
    Service Restart Enabling this option applies configuration changes that require you to restart the SQL Server service.
    Force Encryption Enabling this option enforces encryption for all SQL server connections.
  6. Click Update.

APACHE Linux

The Enable Certificate Details and Suppress Heartbeat Alerts During Service Restart settings can be configured globally under Device Settings. These configurations will automatically apply to all connectors created and associated with certificates in the inventory. This minimizes redundant configuration tasks when a customer needs to add hundreds of connectors with the same settings.
  1. Go to (Menu) > CERT+ > ADMINISTRATION > Device Management.
    By default, the ADC tab opens.
  2. Click the Server tab.
  3. Click the (Device Settings) icon.
  4. Select APACHE Linux logo from the Vendors list.
    The APACHE Linux Vendor Specific Details configuration screen is displayed.
  5. Enable the radio button if required.
    Table 5. Description of fields on the Vendor Specific Details page.
    Fields Description
    Enable Certificate Details Enabling this option will display the deprecated certificate details section in the Add/Modify device from the Apche Linux.
    Suppress Heartbeat Alerts During Service Restart Enabling this option to disable or prevent false alert triggered during Apache service.
  6. Click Update.