Skip to content

Create a new machine

Creating a machine allows Certificate Manager - SaaS to connect directly to keystores where applications keep their certificates. Certificate Manager - SaaS can then install certificates into application keystores. When the certificates are used by an application, a machine identity is created.

From Certificate Manager - SaaS, you can manage the entire machine identity lifecycle—from key generation to certificate issuance to TLS server endpoints.

Important

To create a machine, you need the minimum required permissions of the Resource Owner role. Your PKI administrator must enable these permissions.

To create a new machine

  1. Sign in to Venafi Control Plane.
  2. Click Installations > Machines.
  3. Click New.
  4. Enter a Name for the new machine. This name will help Certificate Manager - SaaS users to identify this machine.
  5. Select an Owning Team. If you need to create a new team see, create a new team.

  6. Select a VSatellite. If you don't currently have a VSatellite, deploy a VSatellite first, and then return to this page.

    • To enable high availability for machine operations, select a primary VSatellite that is part of an HA group. The system will automatically use any healthy VSatellite in that group to start machine-related operations. Learn more

  7. Select the Machine type you want to create, and then click Next.

  8. From the list below, select the type of machine you're creating to view the specific instructions for that type:

Citrix ADC Cloudflare Common KeyStore F5 BIG IP LTM Imperva WAF Microsoft IIS Microsoft Windows (Powershell) VMware NSX (AVI) Microsoft SQL Server

Set up a new machine discovery schedule

  1. From the CAPI Store drop down, select the certificate store you want the certificate installed in.
  2. Click the Exclude Expired toggle switch toggle to exclude discovery of expired certificates associated with this new machine.
  3. Click the Exclude Inactive toggle switch toggle to exclude discovery of inactive certificates associated with this new machine.
  4. Click the Schedule toggle switch toggle to enable machine discovery scheduling with this new machine.
  5. Under Repeat every, select your desired daily, weekly, or monthly schedule. Then, choose your desired time. !!! note The Schedule toggle switch toggle must be enabled to configure machine discovery scheduling timeframes.
  6. Click Continue.

Note

Current local time is in UTC.

Set up a new machine provisioning schedule

  1. Click the Schedule toggle switch toggle to enable machine discovery scheduling with this new machine.
  2. Under Repeat every, select your desired daily, weekly, or monthly schedule. Then, choose your desired time. !!! note The Schedule toggle switch toggle must be enabled to configure machine discovery scheduling timeframes.
  3. Click Finish.

Note

Current local time is in UTC.