Publishing profiles

Prev Next

This document provides information about the Publishing profiles report screen, which displays information about all publishing profiles supported by Segura.

Path to access

  1. On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
  2. In the side menu, select Publishing > Publishing profiles.

Actions menu

Item Type Description
Actions Dropdown menu Displays the options: Print report, Export CSV, Schedule report, and the following plugins: Apache, Nginx, IIS, Tomcat, F5 BigIP, IBM Websphere, Palo Alto, Windows, Kubernetes, and NetScaler.

Search fields

Item Type Description
ID Text field Filters all plugins by the ID.
Profile name Text field Filters all plugins by the plugin’s name.
Profile type Dropdown menu Filters all plugins by the plugin’s type. The options are: Apache, Nginx, IIS, Tomcat, F5 BigIP, IBM Websphere, Palo Alto, Windows, Kubernetes, and NetScaler.
Status Dropdown menu Filters all plugins by the status. The options are: Inactive and Active.

Report fields

  • ID.
  • Profile name.
  • Profile type.
  • Server: displays the devices connected to the profile.
  • Status.
  • Actions:
    • Edit: opens the Add a publishing profile along with the tabs of the respective publishing profile.
    • Enable/Disable: displays a pop-up to confirm the activation or deactivation of the profile.
Info

By default, the report displays 30 records per screen. To go to the next screen, click the forward buttons at the end of the report.

Add publishing profile

This section provides information about the Settings, Servers, and Review tabs that are shared between all publishing profiles.

Settings tab

Item Type Required Description
Profile name * Text field Yes Profile name.

Credential for execution

Item Type Required Description
Use a registered credential to access all devices Checkbox No Use a registered credential to access all devices.
Access credential registered in the system Dropdown menu No Access credential. This field is only unlocked if the checkbox Use a registered credential to access all devices is checked.
Credential username Text field No Username of the credential that the profile will run.

Servers tab

Item Type Required Description
Add / Remove selected Button No Add or remove the selected devices.
Devices table Table No The fields of the table are: ID, Device name, Management, Type, Vendor, Product, Site, and Tag.
ID Text field No Device’s ID.
Device name Text field No Device’s name.
Management Text field No Device’s IP.
Type Text field No Device’s type.
Vendor Text field No Device’s vendor.
Product Text field No Device’s product.
Site Text field No Device’s site.
Tag Text field No Device’s tag.

Review tab

Use the Review tab to check all the information entered in the previous tabs.

Publishing profiles

This section provides information about the configuration tab of each publishing profile.

Apache

Apache plugin configuration

Item Type Required Description
Site Text field Yes Nome do site para o qual o certificado SSL será aplicado.
Configuration file path Text field Yes Caminho para o arquivo de configuração do site no Apache. Por exemplo: /etc/apache2/sites-available/exemplo.conf para sistemas baseados em Linux. Se o arquivo de configuração não for fornecido, o certificado será instalado no site padrão do Apache.
Port Text field Yes Porta usada para conexões HTTPS. A porta padrão é 443.

Nginx

Nginx plugin configuration

Item Type Required Description
Site Text field No Name of the website for which the SSL certificate will be applied.
Configuration file path Text field No Path to the configuration file in Nginx. For example: etc/nginx/sites-available/exemplo.conf. If the configuration file is not provided, the certificate will be installed on the default Nginx website.
Port Text field No Port used for HTTPS connections. The default port is 443.
Delete password file after publication (if the file exists) Dropdown menu No Indicates whether the file containing the password used to publish the certificate should be deleted after the process is complete. The options are: Yes and No.
Use sudo? Checkbox No Uses the sudo command.

IIS

IIS plugin configuration

Item Type Required Description
Access port WinRM Text field No Port number used to connect via Windows Remote Management (WinRM). Port 5985 for WinRM HTTP, and port 5986 for WinRM HTTPS.
Site name Text field No Name of the website for which the SSL certificate will be applied.
Site port Text field No Port used for HTTPS connections. The default port is 443.
Certstore name Text field No Name of the Windows certificate store used by your website where the SSL certificate will be stored.

Tomcat

Tomcat plugin configuration

Item Type Required Description
Keystore name Text field No Name of the keystore where SSL certificates will be stored.
Alias certificate Text field No Unique identifier for the certificate within the keystore.
Password keystore Dropdown menu No Password required to access and modify the keystore.
Way of the intermediate certificate Text field No Path to the intermediate certificate file if needed to complete the certification chain.
Configuration file path (server.xml) Text field No Path to the Tomcat’s server.xml file where SSL settings are defined.
Tomcat version Dropdown menu No Version of Tomcat that the server is running.

F5 BigIP

F5 BigIP plugin configuration

Item Type Required Description
Certificate Name Text field No Certificate’s name. If there’s another certificate with the same name, it will be replaced.
Port for access via SOAP (F5 / BigIP) Text field No Port number used to access the F5 SOAP API, typically the default port for SOAP communication configured on the F5 device.
Synchronization group Text field No Name of the group used to synchronize settings between F5 devices.
Force overwrite? Checkbox No Option that determines whether existing settings should be overwritten.
Delete existing profiles in VIP? Checkbox No Indicates whether existing SSL profiles on the Virtual IP (VIP) should be removed before applying new ones.
Partitions Table No Name(s) of the partitions in F5 where the settings will be applied.
SSLClient profiles Table No Name of SSL profiles configured for client-to-server traffic.
SSLServer profiles Table No Name of SSL profiles configured for server-to-client traffic.

IBM Websphere

IBM Websphere plugin configuration

Item Type Required Description
SSH port Text field No Port number used to connect to the IBM WebSphere server.
Label Certificate Text field No Unique identifier of the certificate within the keystore.
Path keystore (KDB) Text field No Path to the keystore file (KDB) where certificates are stored.
Stashed password? Checkbox No Indicates whether the keystore password is "stashed" (stored securely), allowing access without manual entry.
Password keystore Dropdown menu No Password used to access the keystore, if not stashed.
Path of app_server_root websphere Text field No Path to the WebSphere application server root directory.
Standard certificate? Checkbox No Indicates whether the certificate being configured should be set as the default for the server.
Restart services after publication Table No Specifies whether the WebSphere service should be automatically restarted after a new certificate is published to apply the changes.

Palo Alto

Configuration for Palo Alto plugin

Item Type Required Description
SSL/TLS profile Text field No If the SSL/TLS profile name is new, a new profile will be created. Otherwise, the settings may be changed.
Min version Dropdown menu No Sets the oldest version of the TLS protocol that can be accepted.
Max version Dropdown menu No Sets the latest version of the TLS protocol that can be accepted.

Windows

Configuration for Windows plugin

Item Type Required Description
Store location Dropdown menu No Location of the certificate store in Windows. For example: CurrentUser or LocalMachine.
Certstore name Dropdown menu No Name of the repository where the certificate will be stored. For example: My or Root.
Port for access for WinRM Text field No Port number used to connect via Windows Remote Management (WinRM). Port 5985 for WinRM HTTP, and port 5986 for WinRM HTTPS.
Set password Checkbox No Indicates whether a password will be manually configured for the certificate.
Certificate password Dropdown menu No Password for using the certificate registered in PAM.
Manual input password Text field No Allows you to manually enter the password when configuring or accessing the certificate. The field is only available if the Set Password checkbox is checked.

Kubernetes

Configuration for Kubernetes plugin

Secrets

Item Type Required Description
Secret Text field No Name of the Kubernetes secret that stores sensitive data such as certificates.
Namespace Text field No The Kubernetes namespace where the secret or configurations will be applied. It organizes and separates resources within a cluster.

Automatic redeploy

Item Type Required Description
Type Text field No The type of Kubernetes resource, such as Deployment, StatefulSet, DaemonSet, that should be automatically redeployed after the changes.
Name Text field No The specific name of the resource that will be redeployed.
Namespace Text field No The namespace where the resource is located, and will be redeployed.

NetScaler

Configuration for NetScaler plugin

Item Type Required Description
File path to save the certificate Text field No Path on the Netscaler system where the SSL certificate will be saved. Defines the location where the certificate is stored for use in SSL configuration.