Cert: Certificate Publication via CM

Description 

Use this task to trigger a republishing or unpublishing action for a specific certificate on the Nexus CM based on the configured publication procedure.

Configuration

To use this task, configure the following delegate expression in your service task:

${certificatesPublicationTask}

The following parameters can be configured in PRIME Designer:

| Parameter | Mandatory | Sample Value | Description |
|---|---|---|---|
| publicationProcedure | | CertEP CA Certificate to AD (Enrollment Services) | Publication procedure defined on the CM. |
| serialnumberField | | Certificate_CertSerial | Name of the field containing the serial number in the datamap. |
| DataPoolName_Certificate | | Certificate | Datapool name of certificate. |
| serialNumberIsDecimal | - | true | Indicates that the serial number is in decimal format already. If this field is set to "false" or left out, the serial number will be interpreted as hex format. |
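
The effect of serialNumberIsDecimal on which certificate is addressed, shown as an added example that is not part of the product or its documentation. The function names are hypothetical and the serial values are constructed; the code models only the rule stated above (decimal when true, hex when false or left out).

```python
# Added illustration of the serialNumberIsDecimal rule described above.
# Function names are hypothetical; they are not part of the product.

def resolve_serial(value: str, serial_number_is_decimal: bool = False) -> int:
    """Return the serial the task would address under the documented rule:
    decimal when the flag is true, hex when it is false or left out."""
    base = 10 if serial_number_is_decimal else 16
    return int(value.strip(), base)  # ValueError if the text does not fit the base


def audit_serial(value: str, serial_number_is_decimal: bool = False) -> dict:
    """Pre-flight check for one datamap value before (un)publishing."""
    text = value.strip()
    report = {"value": text, "flag": serial_number_is_decimal,
              "serial_hex": None, "warning": None}
    try:
        serial = resolve_serial(text, serial_number_is_decimal)
    except ValueError:
        report["warning"] = "value is not valid in the configured format"
        return report
    report["serial_hex"] = format(serial, "X")
    # Digit-only strings parse in both bases; the two readings name
    # different certificates unless both yield the same number.
    if text.isascii() and text.isdigit() and int(text, 10) != int(text, 16):
        other = int(text, 16 if serial_number_is_decimal else 10)
        report["warning"] = ("ambiguous: the other setting would select "
                             "serial 0x" + format(other, "X"))
    return report


# Constructed sample values, not real certificate serials.
SAMPLES = [("4096", False), ("4096", True), ("1A2B", False), ("1A2B", True)]

if __name__ == "__main__":
    for value, flag in SAMPLES:
        print(audit_serial(value, flag))
```

A digit-only value such as "4096" is accepted under either setting but selects a different certificate in each case, so the flag has to match the format actually stored in the datamap field.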



Cert: Create SCEP order request

Description 

Use this task to register or de-register Simple Certificate Enrollment Protocol (SCEP) order requests to Nexus Certificate Manager (CM).

The task is executed on server identities and uses some of their details to create the order request. It sends the common name and password for the specified token procedure to CM, so that CM will later accept (in case of registration) or reject (in case of de-registration) SCEP enrollment requests from the specified clients.

Configuration

To use this task, configure the following delegate expression in your service task:

${scepOrderRequestTask}

The following parameters can be configured in PRIME Designer:

| Parameter | Mandatory | Default value | Description |
|---|---|---|---|
| certTemplate | | | Certificate template name which has token procedure and CM information. |
| commonName | | | Defines, by its Fully Qualified Domain Name (FQDN), the machine for which the auto-enrollment will be processed. This is the domain name of the machine or server. It is not possible to have multiple FQDNs in one registration; those would have to be separate registrations. However, the FQDN does support wildcards, so you could specify the FQDN with something like "test-*.example.com". |
| enrollReg | | true | Registration enrollment flag (true/false). |
| password | | | Password used to verify SCEP enrollment requests sent by clients later. It is the same password that the clients will use in their SCEP enrollment requests. |
| cpmState | | | Decides whether this is a registration or a deregistration order request at CM. Set to 1000 to trigger a registration, 1001 to trigger a deregistration. |
| validity | | | Validity value of the request order, either "always" or the number of days. CM defaults to 'always' if not set. |
| emailAddress | | | Email address of the responsible person. |
| ipAddress | | | IP address of the server or machine. |
| serialNumber | | | Serial number of the device if available. It is not mandatory so it can be blank. |

