Create Root CA

To create root CA:

  1. Click the Menu () icon.

  2. Click PKI+ > CA Inventory.

    The CA Inventory page appears.

  3. Click +Create CA on the top-right corner of the page.

    The Create CA page is displayed.

  4. Enter the fields as described in the table.

    Field Description
    Select CA Type
    *CA Name Provide a friendly name for reference.
    Certificate Type

    Select Root CA.

    *Valid for Select the number of years to CA expiry.
    Configure CA Subject Name
    *Organization Enter the organization name owning the CA.
    Organization Unit Enter the business unit for CA operations.
    City Enter the city name.
    State Enter the state name.
    Country Enter the country of the organization.
    *CA Common Name Enter the root CA subject name.
    Configure CA Key Size and Algorithm
    *Key Size and Algorithm Select the CA key size and algorithm from the dropdown list.
    Configure CA Artifacts
    *Policy ID You can either select the CA policy ID from the dropdown list or key in the policy ID.

    By default, the value is 2.5.29.32.0.
    Note: Fields marked with red asterisk (*) symbol are mandatory.

  5. Click Save.

    A window with the summary of values entered appears.



  6. Click Proceed to trigger the approval flow.

    The newly created CA appears in the table with the approval status as Create - Approval Pending and the status as Awaiting Approval until all the necessary approvals are completed. If you want to abort the action, then click Abort.

    An email from AppViewX is sent to all the active custodians for approving the CA.



  7. Click the here hyperlink in the email to be redirected to the AppViewX login page.

    On successfully logging in, the approval request is displayed with the Approve and Reject buttons.



  8. Enter the comments and click Approve.

    A confirmation popup window appears if you want to submit the request.

  9. Click OK. Once the approval count reaches the minimum approval as set by the quorum number, the custodian is approved.

    The approval status changes to Create - Approved and the status to In Progress until the CA is created and is enabled.

  10. Click the Refresh () icon to see the status as Active once the CA is activated. Click Resubmit if the action fails for any reason.

    Certificates can be issued from this CA. CRLs are generated for this CA.

  11. [Optional] Click the Audit Log against the CA to view the audit log details. You can also download the audit log by clicking the Download button on the Audit Log view page. The audit log is exported in the .xls format.
    Note: Once the audit log is fully loaded, the Loading button will turn to View. Refresh the page to see the View button.

  12. [Optional] Click the Approval Status column value link to check the update on approvals.

Note: The PKI CA thus created cannot be modified but can be viewed from the PKI+ > CA Inventory page.