This document provides information about the Publishing profiles report screen, which displays information about all publishing profiles supported by Segura.
Path to access
- On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
- In the side menu, select Publishing > Publishing profiles.
Actions menu
Item |
Type |
Description |
Actions |
Dropdown menu |
Displays the options: Print report, Export CSV, Schedule report, and the following plugins: Apache, Nginx, IIS, Tomcat, F5 BigIP, IBM Websphere, Palo Alto, Windows, Kubernetes, and NetScaler. |
Search fields
Item |
Type |
Description |
ID |
Text field |
Filters all plugins by the ID. |
Profile name |
Text field |
Filters all plugins by the plugin’s name. |
Profile type |
Dropdown menu |
Filters all plugins by the plugin’s type. The options are: Apache, Nginx, IIS, Tomcat, F5 BigIP, IBM Websphere, Palo Alto, Windows, Kubernetes, and NetScaler. |
Status |
Dropdown menu |
Filters all plugins by the status. The options are: Inactive and Active. |
Report fields
- ID.
- Profile name.
- Profile type.
- Server: displays the devices connected to the profile.
- Status.
- Actions:
- Edit: opens the Add a publishing profile along with the tabs of the respective publishing profile.
- Enable/Disable: displays a pop-up to confirm the activation or deactivation of the profile.
Info
By default, the report displays 30 records per screen. To go to the next screen, click the forward buttons at the end of the report.
Add publishing profile
This section provides information about the Settings, Servers, and Review tabs that are shared between all publishing profiles.
Settings tab
Item |
Type |
Required |
Description |
Profile name * |
Text field |
Yes |
Profile name. |
Credential for execution
Item |
Type |
Required |
Description |
Use a registered credential to access all devices |
Checkbox |
No |
Use a registered credential to access all devices. |
Access credential registered in the system |
Dropdown menu |
No |
Access credential. This field is only unlocked if the checkbox Use a registered credential to access all devices is checked. |
Credential username |
Text field |
No |
Username of the credential that the profile will run. |
Servers tab
Item |
Type |
Required |
Description |
Add / Remove selected |
Button |
No |
Add or remove the selected devices. |
Devices table |
Table |
No |
The fields of the table are: ID, Device name, Management, Type, Vendor, Product, Site, and Tag. |
ID |
Text field |
No |
Device’s ID. |
Device name |
Text field |
No |
Device’s name. |
Management |
Text field |
No |
Device’s IP. |
Type |
Text field |
No |
Device’s type. |
Vendor |
Text field |
No |
Device’s vendor. |
Product |
Text field |
No |
Device’s product. |
Site |
Text field |
No |
Device’s site. |
Tag |
Text field |
No |
Device’s tag. |
Review tab
Use the Review tab to check all the information entered in the previous tabs.
Publishing profiles
This section provides information about the configuration tab of each publishing profile.
Apache
Apache plugin configuration
Item |
Type |
Required |
Description |
Site |
Text field |
Yes |
Nome do site para o qual o certificado SSL será aplicado. |
Configuration file path |
Text field |
Yes |
Caminho para o arquivo de configuração do site no Apache. Por exemplo: /etc/apache2/sites-available/exemplo.conf para sistemas baseados em Linux. Se o arquivo de configuração não for fornecido, o certificado será instalado no site padrão do Apache. |
Port |
Text field |
Yes |
Porta usada para conexões HTTPS. A porta padrão é 443. |
Nginx
Nginx plugin configuration
Item |
Type |
Required |
Description |
Site |
Text field |
No |
Name of the website for which the SSL certificate will be applied. |
Configuration file path |
Text field |
No |
Path to the configuration file in Nginx. For example: etc/nginx/sites-available/exemplo.conf . If the configuration file is not provided, the certificate will be installed on the default Nginx website. |
Port |
Text field |
No |
Port used for HTTPS connections. The default port is 443. |
Delete password file after publication (if the file exists) |
Dropdown menu |
No |
Indicates whether the file containing the password used to publish the certificate should be deleted after the process is complete. The options are: Yes and No. |
Use sudo? |
Checkbox |
No |
Uses the sudo command. |
IIS
IIS plugin configuration
Item |
Type |
Required |
Description |
Access port WinRM |
Text field |
No |
Port number used to connect via Windows Remote Management (WinRM). Port 5985 for WinRM HTTP, and port 5986 for WinRM HTTPS. |
Site name |
Text field |
No |
Name of the website for which the SSL certificate will be applied. |
Site port |
Text field |
No |
Port used for HTTPS connections. The default port is 443. |
Certstore name |
Text field |
No |
Name of the Windows certificate store used by your website where the SSL certificate will be stored. |
Tomcat
Tomcat plugin configuration
Item |
Type |
Required |
Description |
Keystore name |
Text field |
No |
Name of the keystore where SSL certificates will be stored. |
Alias certificate |
Text field |
No |
Unique identifier for the certificate within the keystore. |
Password keystore |
Dropdown menu |
No |
Password required to access and modify the keystore. |
Way of the intermediate certificate |
Text field |
No |
Path to the intermediate certificate file if needed to complete the certification chain. |
Configuration file path (server.xml) |
Text field |
No |
Path to the Tomcat’s server.xml file where SSL settings are defined. |
Tomcat version |
Dropdown menu |
No |
Version of Tomcat that the server is running. |
F5 BigIP
F5 BigIP plugin configuration
Item |
Type |
Required |
Description |
Certificate Name |
Text field |
No |
Certificate’s name. If there’s another certificate with the same name, it will be replaced. |
Port for access via SOAP (F5 / BigIP) |
Text field |
No |
Port number used to access the F5 SOAP API, typically the default port for SOAP communication configured on the F5 device. |
Synchronization group |
Text field |
No |
Name of the group used to synchronize settings between F5 devices. |
Force overwrite? |
Checkbox |
No |
Option that determines whether existing settings should be overwritten. |
Delete existing profiles in VIP? |
Checkbox |
No |
Indicates whether existing SSL profiles on the Virtual IP (VIP) should be removed before applying new ones. |
Partitions |
Table |
No |
Name(s) of the partitions in F5 where the settings will be applied. |
SSLClient profiles |
Table |
No |
Name of SSL profiles configured for client-to-server traffic. |
SSLServer profiles |
Table |
No |
Name of SSL profiles configured for server-to-client traffic. |
IBM Websphere
IBM Websphere plugin configuration
Item |
Type |
Required |
Description |
SSH port |
Text field |
No |
Port number used to connect to the IBM WebSphere server. |
Label Certificate |
Text field |
No |
Unique identifier of the certificate within the keystore. |
Path keystore (KDB) |
Text field |
No |
Path to the keystore file (KDB) where certificates are stored. |
Stashed password? |
Checkbox |
No |
Indicates whether the keystore password is "stashed" (stored securely), allowing access without manual entry. |
Password keystore |
Dropdown menu |
No |
Password used to access the keystore, if not stashed. |
Path of app_server_root websphere |
Text field |
No |
Path to the WebSphere application server root directory. |
Standard certificate? |
Checkbox |
No |
Indicates whether the certificate being configured should be set as the default for the server. |
Restart services after publication |
Table |
No |
Specifies whether the WebSphere service should be automatically restarted after a new certificate is published to apply the changes. |
Palo Alto
Configuration for Palo Alto plugin
Item |
Type |
Required |
Description |
SSL/TLS profile |
Text field |
No |
If the SSL/TLS profile name is new, a new profile will be created. Otherwise, the settings may be changed. |
Min version |
Dropdown menu |
No |
Sets the oldest version of the TLS protocol that can be accepted. |
Max version |
Dropdown menu |
No |
Sets the latest version of the TLS protocol that can be accepted. |
Windows
Configuration for Windows plugin
Item |
Type |
Required |
Description |
Store location |
Dropdown menu |
No |
Location of the certificate store in Windows. For example: CurrentUser or LocalMachine . |
Certstore name |
Dropdown menu |
No |
Name of the repository where the certificate will be stored. For example: My or Root . |
Port for access for WinRM |
Text field |
No |
Port number used to connect via Windows Remote Management (WinRM). Port 5985 for WinRM HTTP, and port 5986 for WinRM HTTPS. |
Set password |
Checkbox |
No |
Indicates whether a password will be manually configured for the certificate. |
Certificate password |
Dropdown menu |
No |
Password for using the certificate registered in PAM. |
Manual input password |
Text field |
No |
Allows you to manually enter the password when configuring or accessing the certificate. The field is only available if the Set Password checkbox is checked. |
Kubernetes
Configuration for Kubernetes plugin
Secrets
Item |
Type |
Required |
Description |
Secret |
Text field |
No |
Name of the Kubernetes secret that stores sensitive data such as certificates. |
Namespace |
Text field |
No |
The Kubernetes namespace where the secret or configurations will be applied. It organizes and separates resources within a cluster. |
Automatic redeploy
Item |
Type |
Required |
Description |
Type |
Text field |
No |
The type of Kubernetes resource, such as Deployment, StatefulSet, DaemonSet, that should be automatically redeployed after the changes. |
Name |
Text field |
No |
The specific name of the resource that will be redeployed. |
Namespace |
Text field |
No |
The namespace where the resource is located, and will be redeployed. |
NetScaler
Configuration for NetScaler plugin
Item |
Type |
Required |
Description |
File path to save the certificate |
Text field |
No |
Path on the Netscaler system where the SSL certificate will be saved. Defines the location where the certificate is stored for use in SSL configuration. |