Configure Certificate Settings

Add or Modify a Certificate Authority Account

To configure the certificate settings for a client or server vendor in AppViewX:
  1. Click and select Inventory > Certificate.
    The Certificate screen opens with the Server tab displayed by default.
  2. (Optional) If you want to configure settings for a client-vendor, click the Client tab.
  3. From the Advanced dropdown on the command bar, select Settings.
  4. Click Certificate authority if it is not open already. The screen opens, and the left-hand column lists the certificate authorities (CAs) available in AppViewX.
    Note: To configure a programmable CA, refer to the Configure a Programmable Certificate Authority topic.
  5. Click a vendor name to view the list of accounts configured for the selected CA.
  6. On the command bar, click .
    Note: Fields with a red asterisk (*) are mandatory.
    • Based on the account details provided in the CA configuration, certificate product types can be fetched dynamically for Sectigo. For DigiCert, divisions can be fetched dynamically along with the certificate product types.
    • The Fetch custom attributes button is only available for the Entrust and Symantec CA(s). Click this button to connect to the corresponding CA account and retrieve the custom attributes from the CA portal.
    • For EJBCA CA, there is a provision to validate the CA credentials and retrieve the certificate issuer name from the EJBCA account. Also, you can select the custom attributes configured in the EJBCA portal. The values for those custom attributes can be configured while submitting a CSR.
    • For EJBCA custom attributes, the State or Province, Country, Organization, and Organization unit values are taken from the policy, not from the CA settings, to arrive at the compliance report using the custom attributes.
    • When AppViewX CA needs to be configured for the first time, click the Default AppViewX Setting button to generate the Root and Intermediate CA.
    • For Microsoft CA, the user can check or uncheck the CA manager approval option. When it is selected, it is mandatory to provide the manager's name and password. (When WMI is selected, the Windows gateway should not be installed on the same machine as the CA.)
  7. Click Save.
  8. To edit account settings for a particular vendor, click that account.
    Fields corresponding to that account will be editable.
  9. Make relevant changes and click Update.
  10. To test the connection between AppViewX and the CA account you created, click the Connection Status column.
  11. (Optional) Repeat steps 8 and 9 for other vendors whose CA details you wish to edit.

Create a Custom CA

The Custom CA option lets you create your own CA, named for the organization or customer for which you are creating it, rather than using the other CAs.

To create a custom CA in AppViewX:

  1. Click and select Inventory > Certificate.
    The Certificate screen opens with the Server tab displayed by default.
  2. (Optional) To create a custom CA for a client-vendor, click Client.
  3. From the Advanced dropdown on the command bar, select the Settings option.
  4. Click Certificate authority if it is not open already.
    The screen opens, and the left-hand column lists the certificate authorities (CAs) available in AppViewX.
  5. Click Custom.
  6. On the screen that appears, enter a name for the CA you want to be displayed.
  7. In the Upload CA logo field, click the Upload button to browse and navigate to the image you want to add and click Open.
  8. The image is displayed in the Preview field. Click Save.
    The newly created CA is added to the vendor list in the left-hand column, where the CAs available in AppViewX are listed. You must now create a root certificate for the new custom CA, under which multiple intermediate CAs can be added. For more details, refer to Create a Root and Intermediate Certificate Authority.

Add a Programmable Application Connector

Note: By default, the Windows JKS is pre-configured.

To add a scripted application in AppViewX:

  1. Click and select Inventory > Certificate.
    The Certificate screen opens with the Server tab displayed by default.
  2. (Optional) To add a scripted application for a client-vendor, click Client.
  3. From the Advanced dropdown on the command bar, select Settings.
  4. Click Application.
  5. On the screen that appears, click in the command bar.
  6. In the Name field, provide a name for the new application connector to help users identify it.
  7. From the Purpose/Usage dropdown, select the type of certificate from the list. If the list is extensive, use the search field in the dropdown to find it.
  8. In the Upload vendor logo field, click the Upload button to browse and navigate to the image you want to be displayed on the server addition page, then click Open.
  9. In the Upload vendor icon field, click the Upload button to browse and navigate to the image you want to display on the device inventory and holistic view, then click Open.
  10. Select the Windows or Linux radio button depending on the type of server you want to use.
  11. In the Application configuration section, provide the location of the Python script files (containing the actions to be performed on the templates) in the following fields:
    • Discovery script
    • Discovery script parameters
    • Device Validation script
    • Device Validation script parameters
    • Pre - Push script
    • Pre - Push script parameters
    • Push script
    • Push script parameters
    • Post - Push script
    • Post - Push script parameters
    • Monitor script
    • Monitor script parameters
    • Rollback script
    • Rollback script parameters
  12. Click Save.
    The connector and its details are added and listed in the table at the bottom of the screen. To edit settings for a particular application, click that connector. Fields corresponding to that connector will be editable.
  13. Make relevant changes and click Update.

Add a Password in the Vault

The password vault option is used to store all certificate passwords of the selected ADC devices. All the password-protected certificates that are discovered will be decrypted and pushed to the discovery grid in the AppViewX Inventory. This happens only if their passwords match passwords that are stored in the vault.
Note: This functionality is supported only for Citrix devices.

To add a password in the vault:

  1. Click and select Inventory > Certificate.
    The Certificate screen opens with the Server tab displayed by default.
  2. (Optional) To add a password in the vault for a client-vendor, click Client.
  3. From the Advanced dropdown on the command bar, click Settings.
  4. Click Password Vault.
  5. On the screen that appears, enter an identity name for the password you want to add to the vault.
  6. From the Device name dropdown, select the ADC device whose password-protected certificate details you want to store.
  7. In the File name field, enter a certificate file name to help the users identify it.
  8. In the Password field, enter the password that is associated with the certificate.
  9. Click Save.
  10. Click on the command bar to import a file (in XLS or CSV format) with a list of all certificate passwords. This option is used to store the certificate passwords directly in the vault instead of adding them manually.
  11. Click on the command bar to export all stored certificate passwords from the vault as a zip file to your computer.

Configure the Job Scheduler

To configure the scheduled tasks:
  1. Click and select Inventory > Certificate.
    The Certificate screen opens with the Server tab displayed by default.
  2. From the Advanced dropdown on the command bar, click Settings.
  3. Click Job Scheduler.
  4. From Actions, you can enable or disable a particular task or trigger it immediately.

Configure the General Settings

To configure the generic settings:
  1. Click and select Inventory > Certificate.
    The Certificate screen opens with the Server tab displayed by default.
  2. From the Advanced dropdown on the command bar, click Settings.
  3. Click General Settings.
    You can select one of the following tabs:
    Note: The number of approval levels configured in templates must be equal to the approval levels defined in the settings.
    • Certificate attributes - On the screen that appears:
      • Click Add New.
      • On the Certificate attributes window that appears, enter the identification and label name in the respective fields.
      • Click Save.
      • The attribute is displayed in the table and during certificate creation. From the Actions column, you can modify or delete an attribute.
    • Email settings - Expand any task, fill in the email addresses for the various levels of approval, and click Save changes. You can click Add to include more keys and corresponding values for the task.
    • Expired certificates - Select Yes (to delete expired certificates after expiry) and click Save.
    • History of certificates - Select Yes (to maintain the history of a certificate after its renewal, reissue, or regeneration) and click Save.

Configure the Auto Enrolment Settings

To configure the auto-enrolment protocol agents in AppViewX:
  1. Click and select Inventory > Certificate.
    The Certificate screen opens with the Server tab displayed by default.
  2. From the Advanced dropdown on the command bar, click Settings.
  3. Select Job Scheduler.
  4. You can choose EST or SCEP from the right pane.
  5. Click Configure Now.
  6. Enter the mandatory details as per the guidance provided in the help icon and then click Save.
    Note: For any protocol, details for more than one agent can be added to AppViewX.