Designing a Custom Workflow using OOB Tasks

You can use the OOB tasks and subflows available in the Automation module to build custom workflows for enrolling and renewing certificates. You can also add the OOB Push to Device subflow to push the certificates to a selected device.

To design a custom workflow to enroll a certificate and push it to a device:

  1. Navigate to the Workflow page in the Automation module and click Create New.
  2. Enter a Name for the workflow and click Save.
  3. To access the OOB workflow tasks, from the left menu, click Certificates.
  4. Under Certificates, from the Enrollment folder, drag and drop the required OOB task for enrolling a certificate, for example, the Create AppViewX Certificate task.
  5. Click Save.
  6. Under Certificates, from the Utils folder, drag and drop the OOB Push to Device subflow.
  7. Under Certificates, from the Utils folder, drag and drop the OOB View and Download Certificate task.
  8. To generate a form for this workflow, click Form above the Start task.
  9. Click above the Create AppViewX Certificate task to auto-populate the form fields.
  10. Connect all workflow tasks and enable the workflow.
  11. Trigger the workflow from the Request :: View/Run page.
    The workflow execution page is displayed with the workflow inputs requested at the first stage.
    Table 1. Field Description for the User Inputs form
    Field: Description
    *Certificate Category: Select the Certificate Profile from the following options:
      • Server
      • Client
      • Code Signing
      Note: Server is the default selection.
    *Certificate Group: Select the Certificate Group from the options available in the dropdown.
    *Certificate Authority: Select the Certificate Authority from the options available in the dropdown. The following CAs are supported:
      • DigiCert
      • Entrust
      • EJBCA
      • Microsoft Enterprise
      • AppViewX
      Note: This field is populated based on the Certificate Group selected.
    *CA Account: Select the CA Account from the options available in the dropdown.
      Note: This field is populated based on the Certificate Authority selected.
    *Division: Select the Division from the options available in the dropdown.
      Note: This field is displayed only when DigiCert is selected as the CA.
    Certificate Type: Select the Certificate Type from the options available in the dropdown.
    *Auto Renewal: Select the required radio button to enable/disable Auto Renewal.
      Note: Default selection is set to Off.
    Renew Before (Days): Enter the number of days in the Renew Before (days) field. For example, if you enter 5, then the renewal request will be triggered 5 days prior to the expiry date.
      Note: This field is displayed only when the Auto Renewal field is enabled.
    Description: Enter a description for the certificate to be created.
    *Common Name: Enter the Fully Qualified Domain Name (FQDN) of the server for which the certificate is requested.
    Subject Alternative Name: Select the SAN as either:
      • DNS
      • IP Address
    DNS: Enter a valid DNS if you select the DNS option in the SAN field.
    IP Address: Enter a valid IP Address if you select IP Address in the SAN field.
    Organization: Enter the name of the organization with which the certificate will be associated.
    Organization Unit: Enter the name of the organization unit with which the certificate will be associated.
    State: Enter the name of the state in which the organization is located.
    Country: Enter the name of the country in which the organization is located.
    Zip Code: Enter the zip code.
    Email Address: Enter the email address associated with the Certificate Group.
    *Validity Unit: Select the Validity Unit as either:
      • Days
      • Months
      • Years
    *Validity Value: Enter a Validity Value based on the selected validity unit.
    Challenge Password: Configure the Challenge Password to protect the certificate.
    *Hash Function: Select the Hash Function from the options available in the dropdown.
    *Key Type: Select the Key Type from the options available in the dropdown.
    *Bit Length: Select the Bit Length from the options available in the dropdown.
      Note: This field will be populated based on the selected Key Type.
    Attribute: Select the Attribute from the available options.
    Attribute Value: Enter a value for the selected attribute.
    All asterisk (*) marked fields are mandatory.
  12. To add this attribute to the Certificate Attributes grid, click .
  13. To edit the value of a particular attribute, select the attribute in the grid and click .
  14. Enter the new value for the attribute in the Value field and click again to update the value.
  15. To delete a certificate attribute, select the attribute in the grid and click .
  16. To maximize the Certificate Attributes grid, from the top right corner of the grid, click .
  17. To search for a particular attribute in the grid, type the keyword(s) in the search field.
  18. Click Next.
    AppViewX Certificate is created successfully.
  19. At the Device Inputs stage of workflow execution, under Device Details, select the requested field information as described in the table below.
    This table describes the field information in this section:
    Table 2. Field Description for Device Details section
    Field: Description
    *Device Type: Select the Device Type from the options available in the dropdown.
    *Vendor: Select the Vendor from the options available in the dropdown.
      Note: The vendor list is populated based on the Device Type selected.
    *Device: Select the Device from the options available in the dropdown.
      Note: The device list is populated based on the Vendor selected.
    Linux Actions: Select the Linux Action from the options available in the dropdown.
      Note: This field is displayed only when you select Linux Server in the Vendor field.
    *Profile/Application: Select the Profile/Application from the options available in the dropdown.
      Note: The Profile/Application list is populated based on the Device selected.
    *KDB Password: Configure a password to access the KDB file.
      Note: This field is displayed only when you select Default in the Linux Actions field.
    *Push to Devices: Add the selected profile/application to the grid as described below the table.
    All asterisk (*) marked fields are mandatory.
  20. To add the selected profile/application to the grid, click .
    The Profile/Application is added to the Push to Devices grid.
    Note: If you select multiple profiles/applications, they will be displayed in the Push to Devices grid, under the Profiles/Applications column, as comma-separated values.
    Table 3. Actions available in the Push to Devices grid
    Action Description
    Allows you to edit the device details. You can do this by selecting the attribute in the grid, clicking , entering the new value for the attribute, and clicking again.
    Allows you to delete a profile/application.
    Allows you to maximize the Push to Devices grid.
    Search bar Allows you to search for a profile/application in the grid.
  21. Click Submit.
    Certificate is pushed to the selected device.
  22. To download the certificate, at the View | Download Certificate stage of the workflow, hover your mouse over , and from the options displayed, click Download Certificate.
  23. Hover your mouse over to view the Certificate status.
    Note: For more information on how to design workflows, refer to the Automation User Guide.
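
A check to run on the certificate downloaded in step 22, given here as an added example that is not part of the original guide or of AppViewX tooling: it compares the file against the Common Name, SAN, Hash Function, Bit Length and Renew Before (Days) values entered in the User Inputs form. The function names, hostnames and the self-signed sample certificate are constructed for illustration, and the script assumes OpenSSL 1.1.1 or later on the PATH.

```shell
#!/bin/sh
# verify_cert FILE CN SAN HASH MIN_BITS RENEW_DAYS   (added example, hypothetical names)
#   SAN is written as openssl prints it: "DNS:name" or "IP Address:addr".
#   Prints one line per mismatch; returns 0 only when every check passes.
verify_cert() {
    cert=$1; want_cn=$2; want_san=$3; want_hash=$4; min_bits=$5; renew_days=$6
    text=$(openssl x509 -in "$cert" -noout -text) || { echo "unreadable: $cert"; return 2; }
    fails=0
    # Common Name: exact match on the CN component of the subject.
    subj=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)
    subj=${subj#subject=}; subj=${subj# }
    case ",$subj," in
        *",CN=$want_cn,"*) ;;
        *) echo "CN mismatch: $subj"; fails=1 ;;
    esac

    # SAN: split the extension line into entries and require a whole-entry match,
    # so "DNS:app.example.test" does not match "DNS:app.example.test.other".
    printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "$want_san" ||
        { echo "SAN missing: $want_san"; fails=1; }

    # Hash Function: named in the certificate's signature algorithm.
    printf '%s\n' "$text" | grep -m1 'Signature Algorithm' | grep -iq "$want_hash" ||
        { echo "hash mismatch: wanted $want_hash"; fails=1; }

    # Bit Length: public key size must be at least what was requested.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] || { echo "key too short: ${bits:-?} bits"; fails=1; }

    # Renew Before (Days): a fresh certificate should not already be inside the
    # renewal window; -checkend fails if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((renew_days * 86400)) >/dev/null ||
        { echo "expires within renewal window of $renew_days days"; fails=1; }
    return "$fails"
}

# Constructed sample: a self-signed stand-in for the downloaded certificate.
make_sample() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj "/O=Example Org/CN=app.example.test" \
        -addext "subjectAltName=DNS:app.example.test,IP:192.0.2.10" 2>/dev/null
    echo "$dir/cert.pem"
}

verify_cert "$(make_sample)" app.example.test "DNS:app.example.test" sha256 2048 5 && echo "certificate matches the request"
```

To check a real download, pass the path of the downloaded file in place of `"$(make_sample)"` together with the values you entered in the form.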