[Index]

Model: data/Certificate

Certificates

Full HTML Help

Tip

Use the Action search to navigate Automate

Create a self-signed or 3rd party certificate for SSO

This procedure creates a self-signed or third-party-signed system certificate to use when setting up Single Sign-On (SSO) on the web proxy node on Automate.

Note

  1. Log in as system administrator.

  2. Go to the Certificates page.

  3. Click Add.

  4. On the Base tab, configure the following:

  5. On the Certificate Information tab, configure the following:

    Field Description
    Common Name * Enter the FQDN for your server.
    Country Code * A two-digit country code
    State * An appropriate country subdivision
    City * Your city
    Organization * Your organization
    Organization Unit Your organization subunit

  1. Click Save.

    Note

    If you created a self-signed certificate, you can exit this procedure. If you requested a third-party-signed certificate, continue with the next steps.

  2. On the Certificates list view, select the third-party-signed certificate you created.

  3. From the toolbar overflow menu, select Export Certificate Request, then follow your organization's procedures to obtain the third-party signature for the certificate.

  4. On the Certificates list view, select the certificate, then from the toolbar overflow menu, select Upload Signed Certificate.

  5. Browse to the signed certificate, then click OK.

Renew single sign-on certificate for VOSS Automate

If a customer's single sign-on certificate expires, this procedure renews the certificate for Automate.

  1. Regenerate the certificate (either self-signed or CA signed) as described in Create a self-signed or 3rd party certificate for SSO.

  2. Regenerate and upload SP metadata to the IdP described in SSO SP Settings.

    Note

    If an expired SSO certificate is being renewed and the IdP metadata has not changed, then the download, configure, and upload of the IdP metadata is not required and these steps can be ignored.

Generate a certificate for application registration

Full HTML Help

MICROSOFT

Tip

Use the Action search to navigate Automate

This procedure generates a certificate in Automate that you can use for application registration for Microsoft tenants.

  1. Go to the Certificates page.
  2. Select the relevant Customer hierarchy.
  3. Click the Plus icon (+) to add a new certificate.
  4. On the Certificate Management > New Record page, fill out at least the mandatory fields:
  5. Save your changes to create the new certificate. A number of fields are auto-populated when the certificate is generated. The image shows an example:
  6. Once the transaction completes, view your new certificate in the list view of the Certificates page.
  7. Select the certificate, then, from the toolbar overflow menu, select Export Public Key, and save the exported file to your local computer or to a network location.
  8. Upload the certificate you saved, to Microsoft Entra.

Used to generate self-signed certificates or creating certificate requests to be signed by a third-party certificate authority.

Model Details: data/Certificate

Title Description Details
Name * A textual identifier for the certificate.
  • Field Name: name
  • Type: String
Description Documents the purpose of this certificate.
  • Field Name: description
  • Type: String
PFX File PFX file to import.
  • Field Name: pfx_file
  • Type: String
PFX File Password Password for PFX file to import.
  • Field Name: pfx_file_password
  • Type: String
  • Is Password: True
Thumbprint Thumbprint of this certificate.
  • Field Name: thumbprint
  • Type: String
Generate Certificate Signing Request If true, indicates that the system will generate a certificate signing request that can be signed by a third-party CA. If false, the system will generate a self-signed root certificate.
  • Field Name: certificate_request
  • Type: Boolean
Generated On The date and time when the certificate was generated. Ignored when "Generate Certificate Signing Request" is true.
  • Field Name: generation_date
  • Type: String
Valid From Time when the certificate starts to be valid. This is the number of seconds from when the certificate is generated. Ignored when "Generate Certificate Signing Request" is true.
  • Field Name: valid_from
  • Type: Integer
Valid To How long the certificate will be valid for from the time of generation. The value is in seconds. Default is 315360000 seconds (10 years). Ignored when "Generate Certificate Signing Request" is true. Default: 315360000
  • Field Name: valid_to
  • Type: Integer
  • Default: 315360000
Expires The expiry date of the certificate.
  • Field Name: expiry_date
  • Type: String
  • Format: date-time
Serial Number Serial number for the certificate as an integer.
  • Field Name: serial_number
  • Type: String
Key Length Length of the key to be generated. Default: 2048
  • Field Name: key_length
  • Type: Integer
  • Default: 2048
Hashing Algorithm Hashing algorithm to use for the key. Default: sha256
  • Field Name: hash_algorithm
  • Type: String
  • Default: sha256
  • Choices: ["sha256"]
Private Key File Reference An internal reference for the generated private key file. This file will never be exposed to users, including administrators with the highest privileges.
  • Field Name: key_file_reference
  • Type: String
Certificate File Reference An internal reference to the certificate file that is generated internally or uploaded authorized users. This certificate is generated automatically when "Generate Certificate Signing Request" is false. The CA-signed certicate must be uploaded manually when "Generate Certificate Signing Request" is true. This file will never be exposed to users, including administrators with the highest privileges.
  • Field Name: cert_file_reference
  • Type: String
Certificate Request File Reference An internal reference to the generated certificate signing request file, when "Generate Certificate Signing Request" is true. This file will never be exposed to users, including administrators with the highest privileges.
  • Field Name: csr_file_reference
  • Type: String
Certificate Information Contains information about the certificate.
  • Field Name: certificate_info
  • Type: Object
Common Name * Must match the host being authenticated.
  • Field Name: certificate_info.common_name
  • Type: String
Country Code * Two letter description of the country.
  • Field Name: certificate_info.country_code
  • Type: String
  • MaxLength: 2
State * Name of the state.
  • Field Name: certificate_info.state
  • Type: String
City * Name of the city.
  • Field Name: certificate_info.city
  • Type: String
Organization * For example, a company name.
  • Field Name: certificate_info.organization
  • Type: String
Organization Unit A unit at the organization. For example, a department of a company.
  • Field Name: certificate_info.organization_unit
  • Type: String