Create this destination to post the issued certificates using the SFTP protocol.
SFTP destinations are a general-purpose way to deploy certificates and private keys to servers supporting the SFTP protocol, such as servers running the sshd process.
To create an SFTP destination in Certificate Hub:
- Log in as an administrator with one of the following roles:
  - The global_admin role.
  - A <user_defined> role with permission to create destinations.
- Go to Automate > Destinations.
- Click Create to configure the following settings.
- Click Verify to check the connection with the destination.
Label
A descriptive name of the destination.
Owner
The username of the destination owner.
The user who adds the destination is automatically made the owner. You can later edit this field and assign ownership to someone else.
Description
A description of the destination purpose.
Authorization Tags
A list of authorization tags. The Custom Roles with any of these tags will grant permissions on the source.
Select Destination Type
Select the following value.
SFTP-Destination-Plugin
Host
The hostname or IP of the destination server.
Port
The server port for SFTP.
User
The name of the SFTP user.
Password
The password of the SFTP user.
Certificate Hub will use the password if you provide a value for both Password and Private Key File.
Private Key File
The PEM file containing the private key for SFTP authentication. Click Choose Files to import this file.
Certificate Hub will use the password if you provide a value for both Password and Private Key File.
Private Key Password
The password of the private key for SFTP authentication.
Destination Path
The server directory path where Certificate Hub will push the certificates and keys. For each certificate with the <cn> common name, a <cn> subdirectory will include:
- The certificate.
- The private key.
- The certificate chain.
Existing files will be overwritten.
The paths in these subdirectories do not support aliases.
Export Format
The format of the files containing the certificates and keys.
- PEM
- PKCS #12
Export Separate Chain
When Export Format is PEM:
- Check this checkbox to save the certificate chain in a separate PEM file.
- Uncheck this checkbox (default value) to save the certificate chain in the same PEM file containing the key and the certificate.
When Export Format is PKCS #12, the generated PKCS #12 file always contains the certificate chain.
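Because this destination writes private keys onto the server and overwrites existing files, the following added example (not part of the Certificate Hub documentation or product) audits a Destination Path on the SFTP server for key material that is accessible beyond its owner and for <cn> subdirectories that other accounts can write to. It detects PEM keys by content, assumes PKCS #12 exports end in .p12 or .pfx, and uses constructed file names and contents in demo().

```python
import os
import stat
import tempfile

PEM_KEY_MARKER = b"PRIVATE KEY-----"   # matches plain, RSA/EC and ENCRYPTED key blocks
P12_EXTENSIONS = (".p12", ".pfx")      # assumption: extensions used for PKCS #12 exports


def holds_private_key(path):
    """True for a PKCS #12 file (by extension) or a PEM file containing a key block."""
    if path.lower().endswith(P12_EXTENSIONS):
        return True
    with open(path, "rb") as fh:
        return PEM_KEY_MARKER in fh.read(1 << 20)


def audit_destination(dest_path):
    """Return (relative path, problem) findings for every <cn> subdirectory."""
    findings = []
    for cn in sorted(os.listdir(dest_path)):
        cn_dir = os.path.join(dest_path, cn)
        if os.path.islink(cn_dir) or not os.path.isdir(cn_dir):
            continue
        if stat.S_IMODE(os.lstat(cn_dir).st_mode) & 0o022:
            findings.append((cn, "directory writable by group or others"))
        for name in sorted(os.listdir(cn_dir)):
            path = os.path.join(cn_dir, name)
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISREG(st.st_mode) and mode & 0o077 and holds_private_key(path):
                findings.append((os.path.join(cn, name), "key material mode %04o" % mode))
    return findings


def demo():
    """Audit a constructed tree; file names and contents are made up for illustration."""
    samples = [("www.example.test", "bundle.pem", 0o644, b"-----BEGIN PRIVATE KEY-----\n"),
               ("www.example.test", "chain.pem", 0o644, b"-----BEGIN CERTIFICATE-----\n"),
               ("api.example.test", "bundle.pem", 0o600, b"-----BEGIN PRIVATE KEY-----\n"),
               ("api.example.test", "store.p12", 0o640, b"\x30\x82")]
    with tempfile.TemporaryDirectory() as root:
        for cn, name, mode, body in samples:
            os.makedirs(os.path.join(root, cn), mode=0o750, exist_ok=True)
            path = os.path.join(root, cn, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit_destination(root)
```

Run audit_destination() as an account that can read the deployed files, passing the directory configured as Destination Path.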