Configure Certificate Automation

CMP configuration includes you confirming the scope of compliance with the CMP protocols that you can deploy, based on the capabilities of the external CAs with which you work. The SBC offers significant and evolving compliance with this protocol.

Before configuring certificate automation:

  1. Establish the scope and timing you intend to implement for automated certificate management.
  2. Identify external CA servers with which you are implementing your deployment.
  3. Confirm that the system displays the Superuser mode.
  4. Enable the Certificate Management Protocol (CMP) entitlement.
  5. Optionally, on the system-config element, set secure-certificate-mode to enabled.
This feature establishes automation within your certificate management process. You do this by establishing your CMP-specific configuration and then applying it to existing infrastructure elements. Configuration begins from the cmp branch, from which you can access the following configuration elements:
  • cmp-global-config
  • cmp-server
  • cmp-server-group
  • cmp-profile
  • tls-profile: Enter the name, configured in the applicable cmp-profile to the cmp-profile parameter of each applicable tls-profile.

Follow the steps below to access the cmp branch:

  1. Access the security branch.
    ORACLEconfigure terminal
    ORACLE(configure)# security
    ORACLE(security)# 
  2. Access the cmp configuration branch.
    ORACLE(security)# cmp
  3. Enter a question mark or press the tab key to confirm the elements within the cmp branch.
    ORACLE(cmp)# ?
    cmp-global-config     configure global CMP parameters.
    cmp-server            configure CMP server parameters.
    cmp-server-group      configure a group of cmp-server(s) configuration element(s).
    cmp-profile           configure CMP parameters applicable to a particular certificate-record. 
Configure each element according to your deployment, referring to the ensuing task documentation.