Pushing a Server Certificate to a Device
-
Go to
(Menu) > CERT+ > CERTIFICATE ACTION >
Push to Device > Server.
The Server Certificate page is displayed. -
To push a certificate, under Common Name, click the required certificate.
The certificate topology view is displayed.
-
Click Push to Device. The Push to Device option will be shown if
the app connector is already added to the certificate otherwise add the app connector and
then proceed.
Note:
- Only server certificates that include their private keys will be eligible for push
operations to cloud connectors.
After push, during subsequent discovery, when the CC machine is healthy and discovery returns the pushed certificate, the pushed AppConnector should be in Sync status, else the associated AppConnector must be transitioned to an Out of Sync status.
If a new certificate is pushed to the gateway while the old certificate for the AppConnector still exists in the inventory, then after the next discovery, the AppConnector must move to Out of Sync status for the old certificate.
- Endpoint CSR generation is not supported for cloud connectors.
- The Push to Device option is displayed only after an app connector is added to certificate.
The Confirmation dialog box is displayed. - Only server certificates that include their private keys will be eligible for push
operations to cloud connectors.
- Enter your comments, if required, in the text field.
-
Click OK.
- The approval process is triggered. The current flow is based on the default policy of two-level approvals.
- A request ID and work order ID are generated automatically and the work order status is displayed alongside the connector in the certificate topology view.
- To approve the push request, from the certificate topology view, click Approve.
-
In the Confirmation dialog box:
- In the Manual Implementation field, to choose the mode of implementation, use the On/Off toggle.
- If you select Off, set the date and time to schedule the certificate push.
- Enter your comments in the text field and click Yes.
The work order status displayed beside the connector updates to Push-Review In Progress. - To implement the push request, from the certificate topology view, click Implement.
-
In the Confirmation dialog box:
- In the Manual Implementation field, to choose the mode of implementation, use the On/Off toggle.
- If you select Off, set the date and time to schedule the certificate push.
- Enter your comments in the text field and click Yes.
The push action is triggered. After the push action is completed, the status updates to Completed.To refresh the certificate topology view, from the top-right corner of the screen, click Refresh.An automatic HTTPS-based verification job is run at regular intervals to validate that certificates are correctly installed after the push operations triggered between the intervals; the system compares served certificates with the expected ones across all associated IP:ports. The data gathered by this job is used to create the Push Validation Report that highlights the proportion of successful versus failed push operations, providing a quick view of overall push reliability.
Color Codes Status
| Color | Description |
|---|---|
| Green | The certificate is available and valid. |
| Red | .The certificate has expired |
| Gray | Certificate push action failed. |
| Blue | The certificate will expire in 90 days. |
| Yellow | The certificate will expire in 30 days. |
| Orange | The certificate will expire in 10 days. |
| Black | The certificate has been revoked. |
| Mid Purple | The certificate associated with profiles is manually removed. |
What's Next
- To set up expiry alerts and be notified of certificate statuses, see Configuring Expiry Alerts.
