Pushing a Client Certificate to a Device

  1. Go to (Menu) > CERT+ > CERTIFICATE ACTION > Push to Device > Client.
    The Client Certificate page is displayed.
  2. To push a certificate, under Common Name, double click the required certificate.
    The certificate topology view is displayed.
  3. Click Push to Device. The Push to Device option will be shown if the app connector is already added to the certificate otherwise add the app connector and then proceed.
    Note: The Push to Device option is displayed only after an app connector is added to certificate.
    The Confirmation dialog box is displayed.
  4. Enter your comments, if required, in the text field.
  5. Click OK.
    • The approval process is triggered. The current flow is based on the default policy of two-level approvals.
    • A request ID and work order ID are generated automatically and the work order status is displayed alongside the connector in the certificate topology view.
  6. To approve the push request, from the certificate topology view, click Approve.
  7. In the Confirmation dialog box:
    1. In the Manual Implementation field, to choose the mode of implementation, use the On/Off toggle.
    2. If you select Off, set the date and time to schedule the certificate push.
    3. Enter your comments in the text field and click Yes.
    The work order status displayed beside the connector updates to Push-Review In Progress.
  8. To implement the push request, from the certificate topology view, click Implement.
  9. In the Confirmation dialog box:
    1. In the Manual Implementation field, to choose the mode of implementation, use the On/Off toggle.
    2. If you select Off, set the date and time to schedule the certificate push.
    3. Enter your comments in the text field and click Yes.
    The push action is triggered. After the push action is completed, the status updates to Completed.

    An automatic HTTPS-based verification job is run at regular intervals to validate that certificates are correctly installed after the push operations triggered between the intervals; the system compares served certificates with the expected ones across all associated IP:ports. The data gathered by this cron job is used to update the Push Validation Report that highlights the proportion of successful versus failed push operations, providing a quick view of overall push reliability.

Colour Codes Status

The topological view follows a colour codes scheme to identify certificate status.
Table 1. Full list of color codes and their descriptions
Colour Description
Green The certificate is available and valid.
Red The certificate has expired.
Gray Certificate push action failed.
Blue The certificate will expire in 90 days.
Yellow The certificate will expire in 30 days.
Orange The certificate will expire in 10 days.
Black The certificate has been revoked.
Mid Purple The certificate associated with profiles is manually removed.