Configuring ACME

To perform client certificate enrollments using the ACME protocol, the admin or a privileged user must first set up the ACME server agent in the AppViewX portal. Once the ACME server agent is set up, the portal generates a URL. Clients then use this URL to send enrollment requests to AppViewX over the ACME protocol.

The detailed steps for setting up the ACME server agent are listed below:

  1. Log in to AppViewX application with admin or privileged user credentials.
  2. Click the menu button located in the upper left corner of the screen.
    The left navigation pane appears.
  3. Navigate to CERT+ > ADMINISTRATION > Auto Enrollment > ACME.
  4. Select Add or Configure Now.
  5. Configure the Endpoint Details as follows:
    Prerequisites for entering the IP/FQDN field:
    • The "Cloud Connector Name" (in the Add Cloud Connector page) must be the same as the FQDN entered here.
    • The cloud connector (CC) must be able to reach the endpoint.
    • If an IP address is entered, ensure that a single cloud connector is used.
    The following table provides the field description for adding the Agent Details:
    | Field Name | Field Type | Mandatory | Description | Validation |
    |---|---|---|---|---|
    | Name | Text | Yes | Unique name to identify the agent setting. | No special characters other than '.', '-' and '_' are allowed. The name must not start with a special character. |
    | IP/FQDN | Text | Yes | Enter the FQDN or IP address of the AppViewX cloud connector. | Invalid FQDN/IP address (example: xxx.xxx.xxx.xxx) |
    | Port | Text | Yes | HTTP gateway port of the AppViewX node. | Only numerical values between 0 and 65535 are accepted. |
    | Challenge Type | Dropdown | Yes | Select one of the following challenge types: DNS, HTTP | NA |
  6. Configure the CA Accounts details as follows:
    The following table provides the field description for the CA Accounts section:
    | Field Name | Field Type | Mandatory | Description | Validation |
    |---|---|---|---|---|
    | Certificate Group | Dropdown | Yes | Select the group under which the certificate is to be enrolled. | NA |
    | Certificate Category | Radio button | Yes | Select the certificate type (Server / Client) to be enrolled. | NA |
    | Select CA | Dropdown | Yes | Select the required CA from the available options: AppViewX, Google, DigiCert, Ejbca, Microsoft Standalone, AppViewX PKIaaS, Microsoft Enterprise, Amazon Private CA, DigiCert MPKI, Entrust MPKI, Comodo Certificate Manager, Entrust, Nexus, Globalsign, Globalsign MSSL. The certificate will be enrolled under the selected CA. | NA |
    Note: The Vendor Specific Details section is displayed after the CA Accounts section only if DigiCert, Entrust MPKI, Ejbca, Entrust, or MS Enterprise is selected as the CA.
    The following fields are displayed as per the selected CA:
    • When AppViewX is selected as the CA, the following table provides the field description for AppViewX CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric characters and spaces are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |
    • When Google is selected as the CA, the following table provides the field description for Google CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | Issuer Location | Dropdown | Yes | Select the issuer location associated with the CA account. | NA |
      | Pool Name | Dropdown | Yes | Select a pool name to issue the certificate. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric characters and spaces are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |
    • When DigiCert is selected as the CA, the following table provides the field description for DigiCert CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | Division | Dropdown | Yes | Select the division associated with the CA account. | NA |
      | Cert Type | Dropdown | Yes | Select the certificate type to issue the certificate. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric characters and spaces are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |
      If the selected CA is DigiCert, a separate section, Vendor Specific Details, is displayed after the CA Accounts section. The following table provides the field description for Vendor Specific Details:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | Server Type | Dropdown | Yes | Select a server type. | NA |
      | Payment Method | Dropdown | Yes | Select a payment method. The possible options are: Bill To Account Balance (pay with the account balance; returns an error if this option is disabled for the account or if the account has insufficient funds) and Bill To Default Credit Card (pay with the account's default credit card; returns an error if no default credit card is configured for the account). | Alphanumeric characters, spaces, and the special characters -_.* are allowed. |
    • When Ejbca is selected as the CA, the following table provides the field description for Ejbca CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric characters and spaces are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |
      If the selected CA is Ejbca, a separate section, Vendor Specific Details, is displayed after the CA Accounts section. The following table provides the field description for Vendor Specific Details:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | End Entity Profile Name | Dropdown | Yes | Select a profile for the end entity. | NA |
      | End Entity User Name | Text | No | Enter the user name for the end entity. | Alphanumeric characters, spaces, and the special characters -_.* are allowed. |
      | Issuer Common Name | Dropdown | Yes | Select the common name of an issuer. | NA |
      | Certificate Profile Name | Dropdown | Yes | Select a certificate profile name. | NA |
    • When Microsoft Standalone is selected as the CA, the following table provides the field description for Microsoft Standalone CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric characters and spaces are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |
    • When AppViewX PKIaaS is selected as the CA, the following table provides the field description for AppViewX PKIaaS CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select a specific CA Account from the selected CA which is to be used for certificate creation operations. | NA |
      | Issuer Location | Dropdown | Yes | Select an issuer location that is associated with the CA account. | NA |
      | Pool Name | Dropdown | Yes | Select a pool name to issue the certificate. | NA |
      | Issuer Name | Dropdown | Yes | Select an issuer name to issue the certificate. | NA |
      | CA Certificate | Dropdown | Yes | Type 3 or more letters of the certificate keywords, after which a list of server certificates issued from the selected CA account is displayed. One certificate can be selected for further communications with the EST client machine. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | NA |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |
    • When Microsoft Enterprise is selected as the CA, the following table provides the field description for Microsoft Enterprise CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric characters and spaces are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |
      If the selected CA is Microsoft Enterprise, a separate section, Vendor Specific Details, is displayed after the CA Accounts section. Select a template from the dropdown list.
    • When Amazon Private CA is selected as the CA, the following table provides the field description for Amazon Private CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | Region | Dropdown | Yes | Select a region from the dropdown list. | NA |
      | Issuer | Dropdown | Yes | Select the issuer from the dropdown list. | NA |
      | Signature Algorithm | Dropdown | Yes | Select the signature algorithm from the dropdown list. The available options are: SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric characters and spaces are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |
    • When DigiCert MPKI is selected as the CA, the following table provides the field description for DigiCert MPKI CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | Profiles | Dropdown | Yes | Select a profile from the dropdown options. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric characters and spaces are allowed. |
    • When Entrust MPKI is selected as the CA, the following table provides the field description for Entrust MPKI CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric characters and spaces are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |
      If the selected CA is Entrust MPKI, a separate section, Vendor Specific Details, is displayed after the CA Accounts section. The following table provides the field description for Vendor Specific Details:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Name | Dropdown | Yes | Select a CA name from the dropdown list. | NA |
      | Cert Profiles | Dropdown | Yes | Select a cert profile from the dropdown list. | NA |
    • When Comodo Certificate Manager is selected as the CA, the following table provides the field description for Comodo Certificate Manager CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select the specific CA Account associated with the selected CA to be used for certificate creation operations. | NA |
      | Cert Type | Dropdown | Yes | Select the certificate type to issue the certificate. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric characters and spaces are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |
    • When Entrust is selected as the CA, the following table provides the field description for Entrust CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select a specific CA Account from the selected CA which is to be used for certificate creation operations. | NA |
      | Certificate Type | Dropdown | Yes | Select a valid cert type associated with the CA account. If the Certificate Category radio button is set to Server, the dropdown is populated with the first available value; select an appropriate value as required. If the Certificate Category radio button is set to Client, the dropdown is populated with 'None' as the default value. | NA |
      | CA Connector Name | Text | Yes | Name of the CA connector after the certificate is enrolled. | No special characters are allowed. Only alphanumeric characters and spaces are allowed. |
      | Certificate Validity | Text | Yes | Validity of the certificate to be enrolled (in days/months/years). | Certificate validity accepts only numerical values. |
      If the selected CA is Entrust, separate sections, Vendor Specific Details and Custom Attributes, are displayed after the CA Accounts section.
      Note: Depending on the Entrust ECS account configuration, the Custom Attributes section may also be displayed.
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | Additional Emails | Text | No | Enter a valid email address in the field. | NA |
      | Demo | Text | No | Enter the demo details. | NA |
      | Certificate type | Text | No | Enter a valid certificate type. | NA |
      | Tracking id | Text | No | Enter the tracking id. | NA |
    • When GlobalSign MSSL is selected as the CA, the following table provides the field description for GlobalSign MSSL:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select a specific CA Account from the selected CA which is to be used for certificate creation operations. | NA |
      | Certificate Type | Dropdown | Yes | Select the specific Certificate Type. The values are fetched from the CA Settings configuration. | NA |
      | CA Connector Name | Select | Yes | Name of the CA connector after the certificate is enrolled. | NA |
      | Certificate Validity | Dropdown | Yes | Validity of the certificate to be enrolled (in days/months/years). | Certificate validity accepts only numerical values. |
      The following field is displayed in the Vendor Specific Details section for the selected CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | Profile | Dropdown | Yes | Select the Profile based on the configurations made in the Certificate Authority Setting. | NA |
      The following fields are displayed in the Point of Contact section for the selected CA. The CA mandates the point of contact information for traceability. All auto-enrollment requests via this endpoint are registered with the point of contact information entered here.
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | First Name | Text | Yes | Enter the first name. | NA |
      | Email Address | Text | Yes | Enter a valid email address. | NA |
      | Phone Number | Text | Yes | Enter a valid phone number. | NA |
    • When GlobalSign is selected as the CA, the following table provides the field description for GlobalSign CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select a specific CA Account from the selected CA which is to be used for certificate creation operations. | NA |
      | Certificate Type | Dropdown | Yes | Select the specific Certificate Type. The values are fetched from the CA Settings configuration. | NA |
      | CA Connector Name | Select | Yes | Name of the CA connector after the certificate is enrolled. | NA |
      | Certificate Validity | Dropdown | Yes | Validity of the certificate to be enrolled (in days/months/years). | Certificate validity accepts only numerical values. |
      The following field is displayed in the Vendor Specific Details section when the selected CA is GlobalSign and the Certificate Type is Server:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | Domain Admin Email | Dropdown | Yes | Select the email id that receives the approval requests from GlobalSign CA. | NA |
      The following field is displayed in the Point of Contact section for the selected CA. The CA mandates the point of contact information for traceability. All auto-enrollment requests via this endpoint are registered with the point of contact information entered here.
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | First Name | Text | Yes | Enter the first name. | NA |
    • When Nexus is selected as the CA, the following table provides the field description for Nexus CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | CA Account | Dropdown | Yes | Select a specific CA Account from the selected CA which is to be used for certificate creation operations. | NA |
      | CA Certificate | Dropdown | Yes | Type 3 or more letters of the certificate keywords and select one issuer certificate from the dropdown. This issuer certificate will be used by the certificate authority to sign the CSR. NOTE: Only the issuer certificates available in the root or intermediate certificates inventory are shown for selection. | NA |
      | CA Connector Name | Select | Yes | Name of the CA connector after the certificate is enrolled. | NA |
      | Certificate Validity | Dropdown | Yes | Validity of the certificate to be enrolled (in days/months/years). | Certificate validity accepts only numerical values. |
      The following field is displayed in the Vendor Specific Details section for the selected CA:
      | Field Name | Field Type | Mandatory | Description | Validation |
      |---|---|---|---|---|
      | Procedure | Dropdown | Yes | Select the Procedure based on the configurations made in the Certificate Authority Setting. | NA |
  7. Configure the Advanced Settings details as follows:
    The following table provides the field description for the Advanced Settings section:
    | Field Name | Field Type | Mandatory | Description | Validation |
    |---|---|---|---|---|
    | Fetch Certificate Parameters | Radio button | Yes | Select Yes or No. Setting the radio button to Yes enables the system to automatically fetch certificate parameters from a Suggestive Policy and append them to the client CSRs. | NA |
  8. Click Save.
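After saving, the generated URL is the ACME directory that clients will call. The following Python script is an added example, not AppViewX code, and covers two checks a practitioner would run around this procedure: it validates the Endpoint Details values against the rules in the step 5 table before they are entered into the form, and it sanity-checks an ACME directory document served at the generated URL against RFC 8555 (the newNonce, newAccount and newOrder resources must be present, every resource must be served over HTTPS from the same host as the directory). The sample URL, the sample directory document and the "acme-endpoint.example.test" host are constructed for the example; the resource names come from RFC 8555, not from this page.

```python
"""Pre-submit validation of Endpoint Details and post-setup check of the ACME directory.

Added example (not AppViewX code). The Endpoint Details rules are taken from the
step 5 field table; the directory checks follow RFC 8555 section 7.1.1.
"""
import ipaddress
import json
import re
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

# Name: only '.', '-' and '_' as special characters, must not start with one (step 5 table).
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")
# FQDN: dot-separated labels of letters, digits and hyphens, 253 characters max.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)
CHALLENGE_TYPES = ("DNS", "HTTP")

# Resources an RFC 8555 directory must advertise for enrollment to work at all.
REQUIRED_RESOURCES = ("newNonce", "newAccount", "newOrder")
# Resources most servers advertise; their absence is worth a warning, not an error.
OPTIONAL_RESOURCES = ("revokeCert", "keyChange")

# Constructed sample: a directory URL as the portal might generate it, and the
# document a server behind it might return. Neither value comes from the page.
SAMPLE_DIRECTORY_URL = "https://acme-endpoint.example.test:443/acme/directory"
SAMPLE_DIRECTORY = {
    "newNonce": "https://acme-endpoint.example.test:443/acme/new-nonce",
    "newAccount": "https://acme-endpoint.example.test:443/acme/new-account",
    "newOrder": "https://acme-endpoint.example.test:443/acme/new-order",
    "revokeCert": "https://acme-endpoint.example.test:443/acme/revoke-cert",
    "meta": {"externalAccountRequired": True},
}


def validate_endpoint_details(name, host, port, challenge_type):
    """Return a list of rule violations for the step 5 Endpoint Details fields."""
    errors = []
    if not NAME_RE.match(str(name)):
        errors.append("Name: only '.', '-' and '_' are allowed as special characters, "
                      "and the name must not start with one")
    try:
        ipaddress.ip_address(host)          # a literal IPv4/IPv6 address is acceptable
    except ValueError:
        if not FQDN_RE.match(str(host)):    # otherwise it must look like an FQDN
            errors.append(f"IP/FQDN: invalid FQDN/IP address: {host!r}")
    try:
        port_num = int(str(port))
    except ValueError:
        port_num = -1
    if not 0 <= port_num <= 65535:
        errors.append("Port: only numerical values between 0 and 65535 are accepted")
    if challenge_type not in CHALLENGE_TYPES:
        errors.append(f"Challenge Type: must be one of {', '.join(CHALLENGE_TYPES)}")
    return errors


def check_directory(directory, directory_url):
    """Check a parsed ACME directory document; returns (errors, warnings)."""
    errors, warnings = [], []
    base = urlsplit(directory_url)
    for resource in REQUIRED_RESOURCES:
        if resource not in directory:
            errors.append(f"missing required resource '{resource}'")
    for resource in OPTIONAL_RESOURCES:
        if resource not in directory:
            warnings.append(f"optional resource '{resource}' not advertised")
    for resource, url in directory.items():
        if resource == "meta":
            continue
        parts = urlsplit(str(url))
        if parts.scheme != "https":          # ACME account keys are only as safe as the channel
            errors.append(f"resource '{resource}' is not served over HTTPS: {url}")
        if parts.netloc != base.netloc:      # a resource on another host is a misconfiguration signal
            errors.append(f"resource '{resource}' points at a different host than the directory: {url}")
    if directory.get("meta", {}).get("externalAccountRequired"):
        warnings.append("server requires external account binding; clients need EAB credentials")
    return errors, warnings


def fetch_directory(directory_url, timeout=10.0):
    """Fetch and parse the directory document from the generated URL (live network call)."""
    request = Request(directory_url, headers={"Accept": "application/json"})
    with urlopen(request, timeout=timeout) as response:
        return json.load(response)


if __name__ == "__main__":
    # Offline run against the constructed sample; replace with fetch_directory(url) for a live check.
    for problem in validate_endpoint_details("acme-agent_01", "acme-endpoint.example.test", 443, "DNS"):
        print("FIELD:", problem)
    errors, warnings = check_directory(SAMPLE_DIRECTORY, SAMPLE_DIRECTORY_URL)
    for line in errors:
        print("ERROR:", line)
    for line in warnings:
        print("WARN:", line)
```

Run it as-is to exercise the constructed sample, or call `check_directory(fetch_directory(url), url)` with the URL the portal generated to verify the endpoint before handing it to ACME clients. A non-HTTPS or cross-host resource in the directory, or a missing newOrder, is the kind of problem that otherwise surfaces only as an opaque client-side enrollment failure.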