Certificate Installation¶
Certificate installation is the process of deploying a certificate — and its associated private key — to a target system so that the system can present the certificate to clients. The Zaita platform supports automated installation to a range of target system types through Bridges, and manual installation via certificate download.
What Is Certificate Installation?¶
Once a certificate has been provisioned, it must be placed on the system that will use it. For a web server, this means writing the certificate and private key to the server's configuration. For an application, it may mean importing the certificate into a keystore or certificate store. Certificate installation is the last step in the provisioning lifecycle before the certificate becomes operational.
The Zaita platform separates certificate issuance from certificate deployment. A certificate can be issued, stored in the platform inventory, and then pushed to one or more target systems — either on demand or automatically when a renewal is issued.
Deployment Methods¶
The platform supports two deployment paths:
Automated Deployment via Bridge¶
A Bridge is a lightweight agent deployed within your network. When a certificate is associated with a target system that has a Bridge configured, the platform can push the certificate directly to that target system.
Supported deployment types include:
| Target Type | Description |
|---|---|
| Windows / IIS | Installs the certificate into the Windows certificate store and binds it to an IIS site. |
| Nginx | Writes the certificate and key to configured file paths and reloads the service. |
| Apache | Writes the certificate and key to configured file paths and reloads the service. |
| Linux (custom) | Writes the certificate and key to configured paths on a Linux host. |
For automated deployment to work, a Bridge must be running and connected, and the target system must be configured with the correct deployment type and paths.
Manual Download and Installation¶
If a target system does not support automated deployment, or if you prefer manual control, you can download the certificate from the platform and install it yourself.
Certificates can be downloaded in:
- PEM format — the certificate only, suitable for most Linux-based servers.
- PFX / PKCS#12 format — the certificate and private key bundled together, suitable for Windows environments. Available for certificates issued through Local PKI where the private key was generated by the platform.
Certificate Installation and Renewal¶
When a certificate is renewed, the platform can automatically push the renewed certificate to the same target systems the original certificate was deployed to. This removes the need to manually redeploy after each renewal cycle.
If automated deployment is configured correctly, the renewal and re-installation can occur without any operator intervention.
Who Can Manage Certificate Installation¶
Certificate installation operations require a role with deployment permissions. The following roles have access:
| Role | Access |
|---|---|
| Super Administrator | Full access to all certificate operations and deployment |
| Deployment Administrator | Full access to certificate deployment operations |
| PKI Administrator | Can manage certificate issuance; deployment access depends on configuration |
Next Steps¶
- Setting up Certificate Installation — configure target systems and deployment paths.
- Managing Installed Certificates — view deployment status, push updates, and troubleshoot failed deployments.
- Best Practices for Certificate Installation — guidance on deployment automation and key security.