Loading...

Client Certificate Administration Workflow

Client Certificate Administration is a predefined workflow which allows you to manage client certificates and licenses for client computers in your CommCell environment.

You can use the workflow to perform the following operations:

  • Create placeholders for new clients (This operation is also known as creating dummy clients or preconfiguring client computers)
  • Create, revoke, or renew certificates for specific client computers
  • Delete deconfigured client computers (These are unlicensed clients which you chose to retire from your CommCell environment)
  • Release the license from specific client computers (This operation is also known as deconfiguring clients that you plan to retire from your CommCell environment)

Download this workflow from the Software Store. For instructions, see Download Workflows from Software Store.

How Does It Work?

If you choose to create placeholders for new clients, the workflow performs the following tasks:

  1. Reads the text file that you provided, which contains the computer name and host name of the clients to be created.
  2. Creates a placeholder for each client listed in the text file, and adds the placeholder in the Client Computers node of the CommCell Browser.
  3. Creates temporary client certificates for each client, and stores each certificate in a text file on the CommServe computer. The directory where the certificates are stored is specified during the workflow execution.
  4. If you choose to receive a copy of the client certificates, the workflow sends each certificate in a separate email.
  5. Sends an email with the lists of clients that were created.

If you choose to create, revoke, or renew certificates for specific client computers, the workflow performs the following tasks:

  1. Reads the text file that you provided, which contains the names of the client computers.
  2. Based on the operation you selected, the workflow creates, revokes, or renews certificates for the clients listed in the text file.
  3. If you selected to create temporary certificates, the workflow performs the following tasks:
    • Creates temporary client certificates for each client, and stores each certificate in a text file on the CommServe computer. The directory where the certificates are stored is specified during the workflow execution.
    • If you choose to receive a copy of the client certificates, the workflow sends each certificate in a separate email.
  4. Sends an email which indicates the results of the operation.

If you choose to delete deconfigured client computers, the workflow performs the following tasks:

  1. Reads the text file that you provided, which contains the names of deconfigured clients.
  2. Deletes the clients from the CommCell Browser window of the CommCell Console.
  3. Sends an email which indicates the results of the operation.

If you choose to release the license from specific client computers, the workflow performs the following tasks:

  1. Reads the text file that you provided, which contains the names of the client computers.
  2. Releases the license from the clients listed in the text file. During this operation, the clients become deconfigured, and are displayed as unavailable (grayed out) in the CommCell Browser.
  3. Sends an email which indicates the results of the operation.

Prerequisites

Create a text file with the name of the client computers that you want to manage. Each name must be entered in a new line.

If you want to create placeholders for new clients, the text file must also include the host name next to the computer name. For example, client1 client1.domain.com.

Procedure

  1. From the CommCell Browser, go to Workflows.
  2. Right-click Client Certificate Administration and then click All Tasks > Execute.
  3. From the Run workflow on list, select the workflow engine and click OK.
  4. In the Select Operation to Perform dialog box, select the operation that you want perform, enter your email address, and click Next.
  5. Refer to the following table to complete the steps required for the operation that you selected:
    Operation Steps
    Preconfigure clients and temp certificates In the Clients and Certificate Info dialog box, perform the following steps:
    1. In the Provide client-to-hostname Mapping file box, specify the location of the text file that lists the computer names and host names.
    2. Optional: If you want to assign the new clients to a client group, select the name of the client group from the Select Client Group list.
    3. In the Clients File System Type section, select the operating system of the new clients.
    4. In the Generate Certificate for clients section, determine whether you want to create temporary certificates for the new clients.
    5. In the Email Certificate? section, perform one of the following steps:
      • If you chose to create temporary certificates, determine whether you want to receive a copy of each certificate.
      • If you chose not to create certificates, select the no check box.
    6. Optional: If you want to send the certificates and operation results to a different email address than the one you specified, or to additional email IDs, specify the email IDs in the Email ID to mail the Results/Certificates box. Multiple IDs must be separated with a semicolon (;).
    7. Optional: By default, the certificates are stored in the C:\Workflow directory of the CommServe computer. If you want to store the certificates in a different location, specify the new location in the Destination Directory Path to store certificate box.

      Two additional subfolders will be created within the destination directory. For example, if the destination is C:\Workflow, the certificates are stored in C:\Workflow\<job_ID>\<userName>, where the user name is the user that ran the workflow.

    8. Click Next.
    Create Temp Certificates for existing Clients In the Provide details to create Certificate dialog box, perform the following steps:
    1. In the Provide the file containing client list box, specify the location of the text file that lists the names of the client computers.
    2. In the Email Certificate? section, determine whether you want to receive a copy of each certificate.
    3. In the Provide Location to store certificates box, specify a directory on the CommServe computer where you want to store the certificates.
      • By default, the certificates are stored in the C:\Workflow directory.
      • Two additional subfolders will be created within the destination directory. For example, if the destination is C:\Workflow, the certificates are stored in C:\Workflow\<job_ID>\<userName>, where the user name is the user that ran the workflow.
    4. In the Provide email ID to send the Reports box, the email address that you previously specified is displayed. If you want to send the certificates and operation results to a different email address or to additional email IDs, specify the email IDs separated with a semicolon (;).
    5. Click Next.
    • Revoke all Certificates for clients
    • Delete Deconfigured Clients
    • Release License for clients
    In the Revoke/Release License for Clients dialog box, perform the following steps:
    1. In the File containing client list box, specify the location of the text file that lists the names of the client computers.
    2. In the Provide email ID for sending the results box, the email address that you previously specified is displayed. If you want to send the operation results to a different email address or to additional email IDs, specify the email IDs separated with a semicolon (;).
    3. Click Next.
    Renew all Certificates for clients In the Provide details to create Certificate dialog box, perform the following steps:
    1. In the File containing client list box, specify the location of the text file that lists the names of the client computers.
    2. In the Provide email ID to send the reports box, the email address that you previously specified is displayed. If you want to send the operation results to a different email address or to additional email IDs, specify the email IDs separated with a semicolon (;).
    3. Click Next.
  6. In the Workflow job info dialog box, click OK.

    You can track the progress of the workflow job from the Job Controller.

After the workflow job finishes, an email is sent with the operation results to the email IDs that were specified in the workflow. If you created client certificates and chose to receive copies of the certificates, you will receive a separate email for each certificate.