Installing Certificate Manager

Tanium Cloud automatically handles module installations and upgrades.

For information about configuring Certificate Manager for Tanium Cloud, see Configuring Certificate Manager.

Before you begin

Read the release notes.
Review the Certificate Manager requirements.
Assign the correct roles to users for Certificate Manager. Review the User role requirements.
- To import the Certificate Manager solution, you must be assigned the Administrator reserved role.
- To configure the Certificate Manager action group, you must be assigned the Administrator reserved role, Content Administrator reserved role, or a role that has the Action Group write permission.

Import Certificate Manager with default settings

(Tanium Core Platform 7.4.5 or later only) You can set the Certificate Manager action group to target the No Computers filter group by enabling restricted targeting before adding Certificate Manager to your Tanium licenseimporting Certificate Manager. This option enables you to control tools deployment through scheduled actions that are created during the import and that target the Tanium Certificate Manager action group. For example, you might want to test tools on a subset of endpoints before deploying the tools to all endpoints. In this case, you can manually deploy the tools to an action group that you configured to target only the subset. To configure an action group, see Tanium Console User Guide: Managing action groups. To enable or disable restricted targeting, see Tanium Console User Guide: Dependencies, default settings, and tools deployment.

The following default settings are configured:

When you import Certificate Manager, the following default settings are configured:

Setting	Default value
Action group	Restricted targeting disabled (default): All Computers computer group Restricted targeting enabled: No Computers computer group If the action group was already created in a previous version of Certificate Manager, the action group is not updated.
Scheduled action for default audit settings	Maximum Audit Age: 1 Day Port Scan: enabled Log Verbosity: Info Distribute over time: 15 Minutes

Setting

Default value

Action group

Restricted targeting disabled (default): All Computers computer group
Restricted targeting enabled: No Computers computer group

If the action group was already created in a previous version of Certificate Manager, the action group is not updated.

Scheduled action for default audit settings

Maximum Audit Age: 1 Day
Port Scan: enabled
Log Verbosity: Info
Distribute over time: 15 Minutes

To import Certificate Manager and configure default settings, see Tanium Console User Guide: Import all modules and services. After the import, verify that the correct version is installed: see Verify Certificate Manager version.

Import Certificate Manager with custom settings

To import Certificate Manager without automatically configuring default settings, be sure to clear the Apply All Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Import, re-import, or update specific solutions. After the import, verify that the correct version is installed: see Verify Certificate Manager version.

To configure the Certificate Manager action group, see Configure the Certificate Manager action group.

To configure the Certificate Manager audit settings, see Configure audit settings.

Manage solution dependencies

Other Tanium solutions are required for Certificate Manager to function (required dependencies) or for specific Certificate Manager features to work (feature-specific dependencies). See Solution dependencies.

Upgrade Certificate Manager

For the steps to upgrade Certificate Manager, see Tanium Console User Guide: Import, re-import, or update specific solutions. After the upgrade, verify that the correct version is installed: see Verify Certificate Manager version.

If you are upgrading from Certificate Manager 1.10 or earlier, the following customizations are not migrated when you upgrade to Certificate Manager 1.11 or later:

Certificate exclusions: To reconfigure any custom certificate exclusions, see Configure exclusion list.
Authorized certificate authorities (CAs): To reconfigure any custom CAs, see Configure certificate authorities.
Scheduled actions: Certificate Manager 1.11 now manages scheduled actions through the service. To prevent Certificate Manager audits from running more often than intended, delete any previously created schedule actions after you upgrade Certificate Manager.

Verify Certificate Manager version

After you import Certificate Manager, verify that the correct version is installed:

Refresh your browser.
From the Main menu, go to Administration > Configuration > Solutions.
In the Modules section, verify that the Certificate Manager <version> reflects the version that you installed.