Configuring ACME

To perform client certificate enrollments using the ACME protocol, the admin or a privileged user must first set up the ACME server agent in the AppViewX portal. When the ACME server agent is set up successfully through the portal, a URL is generated. Clients can then use this URL to send enrollment requests to AppViewX via the ACME protocol.

The detailed steps for setting up the ACME server agent are listed below:

  1. Log in to the AppViewX application with admin or privileged user credentials.
  2. Click the menu button located in the upper left corner of the screen.
    The left navigation pane appears.
  3. Navigate to CERT+ > ADMINISTRATION > Auto Enrollment > ACME.
  4. Select Add or Configure Now.
  5. Configure the Agent Details as follows:
    | Field Name | Field Type | Mandatory | Description | Validation |
    | --- | --- | --- | --- | --- |
    | Name | Text | Yes | Unique name to identify the agent setting. | No special characters other than '.', '-', '_' are allowed. Name should not start with special characters. |
    | Host | Text | Yes | IP address of the AppViewX node gateway. | Invalid IP address (example: xxx.xxx.xxx.xxx) |
    | Port | Text | Yes | HTTP gateway port of the AppViewX node. | Port will accept only numerical values between 0 and 65535. |
    | Challenge Type | Dropdown | Yes | Select one of the following challenge types: DNS, HTTP. | |

  6. Configure the CA Accounts details as follows:
    | Field Name | Field Type | Mandatory | Description | Validation |
    | --- | --- | --- | --- | --- |
    | Certificate Group | Dropdown | Yes | Select a specific group under which certificate needs to be enrolled. | NA |
    | Certificate Type | Radio button | Yes | Select a specific certificate type (Server / Client) to be enrolled. | NA |
    | Select CA | Dropdown | Yes | Select the required CA from the available options: AppViewX, Google, DigiCert, Comodo Certificate Manager, Ejbca, DigiCert MPKI, Microsoft Enterprise. The certificate will be enrolled under the selected CA. Note: The Vendor Specific Details section is displayed after the CA Accounts section only if DigiCert, EJBCA, or Microsoft Enterprise is selected as the CA. | NA |

    The following fields are displayed as per the selected CA:
    • When AppViewX, Ejbca, or Microsoft Enterprise is selected as CA.
      | Field Name | Field Type | Mandatory | Description | Validation |
      | --- | --- | --- | --- | --- |
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric and space are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |


    • When Google is selected as CA.
      | Field Name | Field Type | Mandatory | Description | Validation |
      | --- | --- | --- | --- | --- |
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | Issuer Location | Dropdown | Yes | Select the issuer location associated with the CA account. | NA |
      | Pool Name | Dropdown | Yes | Select a pool name to issue the certificate. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric and space are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |


    • When DigiCertCA is selected as CA.
      | Field Name | Field Type | Mandatory | Description | Validation |
      | --- | --- | --- | --- | --- |
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | Division | Dropdown | Yes | Select the division associated with the CA account. | NA |
      | Cert Type | Dropdown | Yes | Select certificate type to issue the certificate. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric and space are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |


    • When Comodo Certificate Manager is selected as CA.
      | Field Name | Field Type | Mandatory | Description | Validation |
      | --- | --- | --- | --- | --- |
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | Cert Type | Dropdown | Yes | Select certificate type to issue the certificate. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric and space are allowed. |
      | Certificate Validity | Dropdown | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |


    • When DigiCert MPKI is selected as CA.
      | Field Name | Field Type | Mandatory | Description | Validation |
      | --- | --- | --- | --- | --- |
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | Profiles | Dropdown | Yes | This field is displayed if DigiCert MPKI is selected as the CA. Select the required profile to be associated with the CA from the available options. Note: The Custom Attributes section is displayed based on the profile selected. Fill in respective fields with valid values to complete the ACME services configuration for DigiCert MPKI. | |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric and space are allowed. |


  7. Click Save.
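
The following pre-flight check is an added example, not AppViewX code: it applies the Validation rules stated above to a draft set of agent values before they are entered in the portal. The dictionary keys (name, host, port, challenge_type, ca_connector_name, certificate_validity) are hypothetical labels for the fields on this page. ASCII-only matching, rejecting spaces in Name, and accepting IPv6 for Host are assumptions.

```python
import ipaddress
import re

# Rules transcribed from the Validation columns on this page. ASCII-only
# matching and rejecting spaces in the agent name are assumptions.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")
CONNECTOR_RE = re.compile(r"[A-Za-z0-9 ]+")
NUMERIC_RE = re.compile(r"[0-9]+")
CHALLENGE_TYPES = {"DNS", "HTTP"}


def validate_agent(cfg):
    """Return a list of 'field: problem' strings for a draft agent config."""
    errors = []
    if not NAME_RE.fullmatch(str(cfg.get("name", ""))):
        errors.append("name: only letters, digits, '.', '-', '_' and "
                      "must not start with a special character")
    try:
        # Accepts IPv4 and IPv6; the page only shows a dotted-quad example.
        ipaddress.ip_address(str(cfg.get("host", "")))
    except ValueError:
        errors.append("host: must be an IP address, not a hostname")
    port = str(cfg.get("port", ""))
    if not (NUMERIC_RE.fullmatch(port) and int(port) <= 65535):
        errors.append("port: must be a number between 0 and 65535")
    if cfg.get("challenge_type") not in CHALLENGE_TYPES:
        errors.append("challenge_type: must be DNS or HTTP")
    if not CONNECTOR_RE.fullmatch(str(cfg.get("ca_connector_name", ""))):
        errors.append("ca_connector_name: only alphanumeric and space")
    if not NUMERIC_RE.fullmatch(str(cfg.get("certificate_validity", ""))):
        errors.append("certificate_validity: numerical values only")
    return errors


# Constructed sample values, not taken from any real deployment.
GOOD = {"name": "acme-agent_01", "host": "192.0.2.10", "port": "8443",
        "challenge_type": "HTTP", "ca_connector_name": "ACME Connector 1",
        "certificate_validity": "365"}
BAD = {"name": "_agent!", "host": "gateway.example.internal", "port": "70000",
       "challenge_type": "TLS-ALPN", "ca_connector_name": "acme_conn",
       "certificate_validity": "1y"}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, validate_agent(cfg) or "ok")
```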