Renew Certificate and Push

This workflow allows you to renew a certificate based on the certificate group and certificate authority and push it to the selected device.

To trigger this workflow:

  1. From the Certificate Lifecycle Automation catalog, under the Renewal category, hover your mouse over the Renew Certificate and Push workflow and click .
    Tip: You can also search for the workflow by typing the workflow name in the search bar.
    The workflow execution page is displayed with the workflow inputs requested at the first stage.
  2. Under the General Information section, select the Certificate Type (mandatory).
  3. Under the General Information section, select the Assign Group (mandatory).
  4. Under the CA Details section, select the Certificate Authority (mandatory).
  5. Under the Certificate Information section, select the Certificate from the dropdown list (mandatory).
    The Serial Number and CA Account fields are populated based on the Certificate selected.
  6. Under the CSR Parameters section, enter or select the requested field information as described in the table below.
    Table 1. Field Description for CSR Parameters section
    Field Description
    *Common Name Enter the Fully Qualified Domain Name (FQDN) of the server for which certificate is requested.
    Note: You have the option to change the common name of the regenerated certificate.
    Subject Alternative Name Select the SAN as either:
    • Directory Name
    • Email
    • Registered ID
    • URL
    • Other Name
    • DNS
    • IP Address
    DNS Enter a valid DNS if you select the DNS option in the SAN field.
    Directory Name Enter a valid Directory Name if you select the Directory Name option in the SAN field.
    IP Address Enter a valid IP Address if you select IP Address in the SAN field.
    Registered ID Enter a valid Registered ID if you select the Registered ID option in the SAN field.
    Other Name Enter a valid Other Name if you select the Other Name option in the SAN field.
    URL Enter a valid URL if you select the URL option in the SAN field.
    Email Address Enter a valid URL if you select the URL option in the SAN field.
    Organization Enter the name of the organization with which the certificate will be associated.
    Organization Unit Enter the name of the organization unit with which the certificate will be associated.
    Country Enter the name of the country in which the organization is located.
    State Enter the name of the state in which the organization is located.
    Zip Code Enter the zip code.
    *Validity Unit Select the Validity Unit as either:
    • Days
    • Months
    • Years
    *Validity Value Enter a Validity Value based on the selected validity unit.
    *Key Type Select the Key Type from the options available in the dropdown.
    *Bit Length Select the Bit Length from the options available in the dropdown.
    Note: This field will be populated based on the selected Key Type.
    *Hash Function Select the Hash Function from the options available in the dropdown.
    All asterisk (*) marked fields are mandatory.
  7. Under the Certificate Attributes section, select the Attribute from the available options.
  8. Enter a value for the selected attribute.
    Table 2. Actions available in the Certificate Attributes grid
    Action Description
    Allows you to add the attribute to the Certificate Attributes grid.
    Allows you to edit the value of a particular attribute. You can do this by selecting the attribute in the grid, click , enter the new value for the attribute, and click again.
    Allows you to delete a certificate attribute.
    Allows you to maximize the Certificate Attributes grid.
    Search bar Allows you to search for a particular attribute in the grid.
  9. Under the Vendor Specific Details section, select the field information from the options available in the dropdown.
    Note: This section is displayed only when DigiCert, EJBCA, or Entrust is selected as the Certificate Authority under the CA Details section. The field(s) displayed will vary based on the CA selected.
  10. Under the Device Information section, select the field information as described in the table below.
    Table 3. Field description for Device Details section
    Field Description
    *Device Type Select the Device Type from the options available in the dropdown.
    Vendor Select the Vendor from the options available in the dropdown.
    Note: The vendor list is populated based on the Device Type selected.
    Device Select the Device from the options available in the dropdown.
    Note: The device list is populated based on the Vendor selected.
    Linux Actions Select the Linux Action from the options available in the dropdown.
    Note: This field is displayed only when you select Linux Server in the Vendor field.
    *Profile/Application Select the Profile/Application from the options available in the dropdown.
    Note: The Profile/Application list is populated based on the Device selected.
    *KDB Password Configure a password to access the KDB file.
    Note: This field is displayed only when you select Default in the Linux Actions field.
    *Push to Devices Add the selected profile/application to the grid as described below the table.
    All asterisk (*) marked fields are mandatory.
  11. To add the selected profile/application to the grid, click .
    The Profile/Application is added to the Push to Devices grid.
    Note: If you select multiple profiles/applications, they will be displayed in the Push to Devices grid, under the Profiles/Applications column as comma separated values.
    Table 4. Actions available in the Push to Devices grid
    Action Description
    Allows you to edit the device details. You can do this by selecting the attribute in the grid, click , enter the new value for the attribute, and click again.
    Allows you to delete a profile/application.
    Allows you to maximize the Push to Devices grid.
    Search bar Allows you to search for a profile/application in the grid.
  12. Under the Notifications section, enter the Email ID to which the certificate creation notification will be sent.
    Note: The Email ID field will auto-populate with the logged in user’s email address by default if the email address has been configured in the SMTP settings. You can also enter a different email address in this field or enter multiple email addresses separated by commas.
  13. Click Submit.
    Certificate is renewed successfully.
  14. To download the certificate, at the View and Download Certificate stage, hover your mouse over and from the options displayed, click Download Certificate.
  15. Hover your mouse over to view the Certificate status.