Configure a SCEP Agent

  1. To configure a new user or an existing user for the SCEP agent, update the following details in the avx-scep-agent.properties file:
    • USERNAME=<Provide the username>
    • Encrypt the password using CryptUtil.jar as follows:
      • [appviewx@cert-dev-26 properties]$ ../jre/bin/java -jar CryptUtil.jar encrypt <Password to be encrypted>
      • LOGIN_ENCRYPTED_PASSWORD=<Provide Encrypted Value>

        For example, encrypted value = JPYexGK+P1M4CASDpanwvQ==

      • LOGIN_PASSWORD_DECRYPTION_KEY=<Provide Encrypted Key>

        For example: encrypted key = hmgodr71tpfcecwmh0iaap8eh

  2. To create a certificate group/policy in AppViewX and configure the certificate group for the enrollment, complete the following steps:
    • Default Certificate Group:
      • The challenge password authentication will be skipped if you configure the default group name.
      • CERT_GROUP_DEFAULT = <CERTIFICATE_GROUP>

        For example, CERT_GROUP_DEFAULT=defaultSCEPGroup

    • Certificate Group for Auto Enrollment:
      • Create a policy with the ‘Approval required’ flag as OFF and associate it with the certificate group created for auto-enrollment.
      • If the challenge password is successfully authenticated, the certificate group with auto-approval will be selected.
      • CERT_GROUP_AUTO = <CERTIFICATE_GROUP>

        For example, CERT_GROUP_AUTO=autoApprovalGroup

      • SCEP_CHALLENGE = <Challenge password>

        For example, SCEP_CHALLENGE=test

    • Certificate Group for Manual Enrollment:
      • Create a policy with the ‘Approval required’ flag as ON and associate it with the certificate group created for manual enrollment.
      • If challenge password authentication fails, the certificate group with manual approval will be selected.
      • Log in to AppViewX and navigate to the certificate's holistic view to perform the ‘Approve’ and ‘Implement’ actions for certificate enrollment.
      • CERT_GROUP_MANUAL = <CERTIFICATE_GROUP>

        For example, CERT_GROUP_MANUAL=manualApprovalGroup

    You can configure an agent in either Certificate Authority (CA) Mode or Registration Authority (RA) Mode, depending on the value of the ‘CA_MODE’ property in the avx-scep-agent.properties file:
    • CA_MODE=Y
    • CA_MODE=N
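
As an added example (not AppViewX code), the following Python check reviews an avx-scep-agent.properties file against the settings described above: required login properties, the default group that skips challenge authentication, the challenge that selects the auto-approval group, and the CA_MODE value. The sample file is constructed from the page's example values; the username `scepuser` and the 16-character minimum challenge length are assumptions.

```python
# Constructed sample avx-scep-agent.properties (page's example values; username assumed).
SAMPLE = """\
USERNAME=scepuser
LOGIN_ENCRYPTED_PASSWORD=JPYexGK+P1M4CASDpanwvQ==
LOGIN_PASSWORD_DECRYPTION_KEY=hmgodr71tpfcecwmh0iaap8eh
CERT_GROUP_DEFAULT = defaultSCEPGroup
CERT_GROUP_AUTO = autoApprovalGroup
SCEP_CHALLENGE = test
CERT_GROUP_MANUAL = manualApprovalGroup
CA_MODE=Y
"""
MIN_CHALLENGE_LEN = 16  # assumption: local policy threshold, not an AppViewX rule
REQUIRED = ("USERNAME", "LOGIN_ENCRYPTED_PASSWORD", "LOGIN_PASSWORD_DECRYPTION_KEY")


def parse_properties(text):
    """Parse KEY=VALUE lines; skip blanks and '#'/'!' comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return (severity, message) findings for the agent configuration."""
    p = parse_properties(text)
    findings = []
    for key in REQUIRED:
        if not p.get(key) or p[key].startswith("<"):
            findings.append(("error", f"{key} is missing or still a placeholder"))
    # Per the page, a configured default group skips challenge authentication.
    if p.get("CERT_GROUP_DEFAULT"):
        findings.append(("warn", "CERT_GROUP_DEFAULT set: challenge password check is skipped"))
    # The challenge is what selects the auto-approval group.
    if p.get("CERT_GROUP_AUTO") and len(p.get("SCEP_CHALLENGE", "")) < MIN_CHALLENGE_LEN:
        findings.append(("warn", "SCEP_CHALLENGE is too short to gate auto-approval"))
    if p.get("CERT_GROUP_AUTO") and p.get("CERT_GROUP_AUTO") == p.get("CERT_GROUP_MANUAL"):
        findings.append(("warn", "auto and manual groups are identical; failed challenges are not separated"))
    if p.get("CA_MODE") not in ("Y", "N"):
        findings.append(("error", "CA_MODE is not one of the documented values Y or N"))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the sample, the check reports two warnings: the default group bypasses the challenge, and the challenge `test` is too short to protect the auto-approval group.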