Bulk Push for Intermediate/Root Certificates

Bulk push of the certificates can be triggered from the inventory by selecting more than one certificate. To push intermediate and root certificates in bulk:

  1. Go to (Menu) > CERT+ > CERTIFICATE INVENTORY > Actions > Bulk Push.
    The Intermediate/Push Certificate > Add Connector page is displayed.
  2. Enter the General Information for the connector.
    Table 1. Field descriptions for the connector General Information
    Field Description
    *Category Select the required category from the dropdown list. The available options are:
    • ADC
    • Server.
    *Vendor The Vendor field appears as follows based on the selected category:
    • By default, if the category is selected as ADC, the Vendor field will apear with F5.
    • By default, if the category is selected as Server, the Vendor field will apear with LinuxServer.
    *Process Name For future reference, enter the process name (for example, F5 bulk push).

    Allowed characters:

    • All alphanumeric characters (a-z, A-Z, 0-9)
    • All special characters except <, >, ", ;, and `
    Description Enter any additional details you want to record for this connector.
    Based on the information entered here, the SSL templates section is populated with the list of available Linux Server devices already onboarded in AppViewX.
  3. To select the device(s) to which the certificates will be pushed, under SSL templates, from the list of Available Devices, click .
    You can use the Available Devices dropdown list to filter devices based on functionality.
    The Selected devices list is updated automatically.
  4. Enter the Certificate Details.
    Table 2. Field descriptions for the Certificate Details
    Field Description
    *Certificate Type From the dropdown list, select the file type of the certificate to be pushed. The supported certificate types are:
    • PEM (*.crt)
    • PEM (*.cer)
    • PEM (*.pem)
    • JKS (*.jks)
    • JKS (*.keystore)
    • PEM (Extensionless)
    • JKS (Extensionless).
    Truststore Location

    In the Truststore Location field, enter the path to the location on your local system where the truststore file, for the certificates to be pushed, is stored.

    Note: The alias names of JKS certificates in the truststore follow the format: <common name>_<thumbprint> of the certificate.
    Truststore password

    Enter the password required to access the truststore file for the JKS certificate to be pushed.

    Note: This field is displayed for the JKS certificates.
    Enable Truststore Update This field is displayed for all PEM certificate types.

    Click the radio button to enable the Update System TrustStore option for root and intermediate certificates.

    Note: By default, this option is disabled.
    Note: The toggle button will be enabled by default for Linux devices if it is activated in the Device Settings under the CERT+ > ADMINISTRATION > Device Management > Server > Device Settings <> Vendor Specific Details section > Update System TrustStore.
    Certificate Ownership & Permission Enable the toggle button to customize the certificate ownership and define the file permissions for the certificates.
    Note: The toggle button will be enabled by default for Linux devices if it is activated in the Device Settings under the CERT+ > ADMINISTRATION > Device Management > Server > Device Settings <> Vendor Specific Details section > Certificate Ownership & Permission.
    Field descriptions for the Certificate Ownership & Permission Details
    Table 3. Field descriptions for the Certificate Ownership & Permission Details
    Field Description
    Owner Enter the username for certificate ownership on the target device.
    Owner Permission Select the owner permission level from the dropdown list.
    • Read (r)
    • Read-Write (rw)
    • Read-Write-Execute (rwx).
    User Group Enter name of the user group that requires access to the certificate.
    User Group Permission Select the group permission level from the dropdown list.
    • Read (r)
    • Read-Write (rw)
    • Read-Write-Execute (rwx).
    Other User Permission Select the other user permission level from the dropdown list.
    • Read (r)
    • Read-Write (rw)
    • Read-Write-Execute (rwx).
  5. Enter the Push Details.
    Table 4. Field descriptions for the Push Details
    Field Description
    *Script Location Script files are commonly used to perform certain tasks required to be completed before and/or after a certificate is pushed to the target system.

    The script to be run before the certificate is pushed is called a pre-push script and the script to be run after the push is called a post-push script.

    From the following options, select the location of the script file(s):

    • In AppViewX
    • In Device.
    Pre - Push Script File Name Enter the file name of the pre-push script.
    Important: Read the pre and push script usage instructions here.
    Pre - Push Script File Path This field is displayed when Script Location = In Device.
    Enter the location on your local system where the pre-push script file is stored.
    Important: Read the pre and push script usage instructions here.
    Post - Push Script File Name
    Enter the file name of the post push script.
    Important: Read the pre and push script usage instructions here.
    Post - Push Script File Path This field is displayed when Script Location = In Device.
    Enter the location on your local system where the post-push script file is stored.
    Important: Read the pre and push script usage instructions here.
    Push Automatically To automatically push the certificate after it is renewed/reissued to the target system, enable this checkbox.
  6. Click Save.
    The connector is displayed on the certificate holistic view.