Certificate Provisioning
Certificate Provisioning is a process in which a certificate is injected into a remote endpoint. Currently, Akeyless supports provisioning certificates to a Linux or a Windows endpoint utilizing Targets.
Any stored certificate can be provisioned through the Gateway, whereupon successful provisioning, future renewals of the certificate will be provisioned automatically.
Setting up certificate provisioning requires Target permissions on the Gateway.
Provisioning Permissions on TargetTo prevent partial files, the Gateway first saves new items (certificates, keys, etc.) in a temporary folder on your server, then atomically renames them into the final paths you specify. Ensure the temporary folder is writable by the user defined in the Target.
Provisioning a certificate using the Akeyless CLI
Run the following CLI command to provision a certificate:
akeyless assoc-target-item \
--name <Certificate name> \
--target-name <Target Name> \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>' \
--certificate-path <Where to save the certificate> \
--post-provision-command <"echo Akeyless">
Where:
-
name
: The Certificate item name. -
target-name
The Target item name, to provision the certificate. -
gateway-url
: Akeyless Gateway Configuration Manager URL (port8000
). -
certificate-path
:A path on the Target to save the certificate PEM file can be used as well withchain-path
andprivate-key-path
flags to save those on different locations. -
post-provision-command
: Optional, a custom command to run on the remote target after successful provisioning e.g. restarting a service.
You can find the complete list of additional parameters for this command in the CLI Reference - Encryption Keys section.
Provisioning a certificate using the Akeyless Console
- Log in to the Akeyless Console, and go to Items, find the certificate you wish to provision.
- Click on the Certificate item, click on the Provisioning tab, and then Attach.
- Enter the following parameters:
-
Target Name - Choose an existing Target from the drop-down list to select the existing SSH / Windows Target.
-
Gateway - Choose an existing Gateway from the drop-down list to select the relevant Gateway.
-
Certificate Remote Path - The path where the certificate will be provisioned to in the remote machine.
-
Private Key Remote Path - A path on the target to store the private key.
-
Certificate Chain Path - A path on the target to store the full chain.
-
Post Provision Command - A custom command of your choice that will be executed on the remote machine as part of the provisioning process.
Updated 14 days ago