
Provision certificates to machines

TLS Protect Cloud can provision certificates directly to the certificate keystores of machines that you have defined. If you've not yet created the machine to which you want to provision the certificate, start there first. Otherwise, follow the steps below.

Before you begin

Important

To provision certificates to a machine, you need the minimum required permissions of the Resource Owner role. Your PKI administrator must enable these permissions. You also need to own the certificate you want to provision.

Note

Only certificates with an associated private key can be provisioned. Certificates must have the status of "new" or "installed"; otherwise, the provisioning will fail.

Depending on the type of machine you are provisioning to, follow the instructions below.

Batch Provisioning

Batch provisioning enables the simultaneous provisioning of multiple installations in a single operation.

  1. In the TLS Protect Cloud toolbar, click Installations and select Machines from the drop-down menu.
  2. Select the name of the machine that you want to provision.
  3. Click the Provision Now tab for the machine. This will provision all the installations associated with the machine.
  4. A message below the machine name shows the date and time your provisioning was started. Refresh the page to check whether the provisioning is completed; the message updates to let you know when it is.

Note

You have the option to Abort Provisioning. If you wish to halt the provisioning process before completion, click this button. A message will appear indicating that batch provisioning has been aborted; the abort may take some time to finalize.

Set up Machine Provision Schedule

  1. In the TLS Protect Cloud toolbar, click Installations and select Machines from the drop-down menu.
  2. Select the name of the machine that you want to provision.
  3. Click the Provisioning tab for the machine.
  4. Scroll to the bottom of the page and activate the Machine Provisioning Schedule by clicking the toggle switch to turn it on.
  5. Under Repeat every, select your desired daily, weekly, or monthly schedule. Then, choose your desired time.
  6. Click Save.

Note

Current local time is in UTC.

Note

This schedule is designed to work best when configured alongside the application auto-renewal schedule. It provisions only if there's a certificate queued for deployment, ensuring coordinated updates. To use it effectively, configure the auto-renewal first. The machine schedule then overrides the "immediate" push from auto-renewal and performs it at the specified time instead. While this schedule primarily operates in tandem with application auto-renewal, it may also be used in other cases, such as for manual pushes. To learn more about application auto-renewal, see Configure Auto-renewal.