Configuring Policy for GlobalSign Atlas CA

Before You Begin: The prerequisites for configuring the policy are as follows:
  • Certificate Group(s) must be available to map the policy to them

  • CA accounts (settings) for which the policy is going to be created must be available

  • The required AppViewX permission must be assigned (Accounts > Roles)

To configure a policy for GlobalSign Atlas CA:

  1. Go to menu > KUBE+ > Groups & Policies > CA Policy
    On the CA Policy page, the configured policies are displayed, if any.
    Note: KUBE+ is packaged with default policies: Default and Certificate-Gateway.
  2. Click the + Create button to configure a GlobalSign Atlas custom policy.
  3. Refer to the Configure Policy Details section in the admin guide to configure the following:
    • Policy Details section

    • Group Selection section

    • Compliance Check section

  4. On the CA Policy: Create page, click GlobalSign Atlas in the Certificate Authority pane on the left side of the screen.

    The updated fields for the CA are displayed on the right side of the page.

    Table 1. CA Details - Field Description Table

    Field Name: *CA Accounts
    Field Type: Dropdown
    Description: The GlobalSign Atlas CA accounts configured in the CA settings screen are listed here. Select a CA account from the list to create the policy.

    Field Name: *Validity
    Field Type: Text
    Description: Enter the validity period for the certificate. The available options are:

    • Days - You can enter more than one validity period in days; one of them is chosen during certificate enrolment.

    • Month - You can enter more than one validity period in months; one of them is chosen during certificate enrolment.

    • Year - You can enter more than one validity period in years; one of them is chosen during certificate enrolment.

    Field Name: *Bit Length - Key Type
    Field Type: Multi-select dropdown
    Description: All the Key Types are listed with their corresponding Bit Length. You can select one or more Bit Length - Key Type values from the drop-down.

    The discovered certificate's Key Type and Bit Length are compared against the selected Bit Length - Key Type values to identify whether the certificate is compliant with the policy. The selected Bit Length - Key Type values are enforced while performing any certificate request operation such as New, Renew, or Regenerate.

    Field Name: *Hash Function
    Field Type: Multi-select dropdown
    Description: The supported Hash Functions are listed here. You can select one or more Hash Functions from the drop-down.

    The discovered certificate's Key Hash Algorithm is compared against the selected Hash Functions to identify whether the certificate is compliant with the policy. The selected Hash Functions are enforced while performing any certificate request operation such as New, Renew, or Regenerate.

    Note: The asterisk (*) symbol indicates a mandatory field.
  5. Enter the desired values above and click Add.

    The CA details are saved to the table and a confirmation message is displayed.

  6. You can use the Edit (pencil) option in the table to modify the configuration and the Remove (bin) option to delete the configuration.
  7. Enter values in the Certificate parameters section based on your organization's policies and standards.
    Table 2. Certificate Parameters - Field Description Table

    Field Name: *Host Name
    Field Type: Text
    Description: Enter the hostname for the certificate.
    Validation: The hostname should not start and end with a dot/full stop (.)

    Field Name: *Allowed Domain Names
    Field Type: Text
    Description: Enter only the white-listed domain names.

    Press Enter after adding the domain name. Multiple domain names can be added.

    Field Name: Common Name
    Field Type: Multi-select dropdown
    Description: You can provide the common name. For example, *.domain.com

    It helps enforce the domains for which a certificate can be requested. Common Name is enforced while performing any certificate request operation such as New, Renew, or Regenerate.

    Use an asterisk (*) for the host part of the FQDN to enforce the domain. For example, *.domain.com will only allow users to request certificates with the domain domain.com.
    Validation: Allowed Special Characters: Asterisk (*), Hyphen (-), Period (.)

    Note: The asterisk (*) symbol indicates a mandatory field.
  8. Click the Save CA Details button.
  9. Select groups in the Group Selection section and set the Compliance Check using the toggle button in the respective section.
  10. Click the Create Policy button to create a new policy.

    The policy is created and a confirmation message is displayed.
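
The checks described in Tables 1 and 2, sketched in Python as an added example (not AppViewX code): a certificate request is evaluated against the allowed Bit Length - Key Type values, Hash Functions and Common Name patterns. The policy values, field names and the rule that `*` stands for exactly one host label are assumptions made for illustration, and the dot rule the page states for Host Name is applied here to the requested name.

```python
import re

# Constructed sample policy mirroring the fields in Tables 1 and 2 (values are assumptions).
POLICY = {
    "key_types": {("RSA", 2048), ("RSA", 4096), ("ECDSA", 256)},  # Bit Length - Key Type
    "hash_functions": {"SHA256", "SHA384"},                        # Hash Function
    "common_names": ["*.domain.com"],                              # Common Name patterns
}

# Letters and digits plus the allowed special characters: asterisk, hyphen, period.
_ALLOWED_CHARS = re.compile(r"^[A-Za-z0-9*.-]+$")


def cn_matches(pattern, name):
    """Compare label by label; '*' in the pattern stands for exactly one label (assumption)."""
    p_labels, n_labels = pattern.lower().split("."), name.lower().split(".")
    if len(p_labels) != len(n_labels):
        return False  # '*.domain.com' matches neither 'domain.com' nor 'a.b.domain.com'
    return all(p == "*" or p == n for p, n in zip(p_labels, n_labels))


def check_request(policy, req):
    """Return the list of policy violations for a request (an empty list means compliant)."""
    violations = []
    if (req["key_type"], req["bit_length"]) not in policy["key_types"]:
        violations.append("key type / bit length not allowed")
    if req["hash"] not in policy["hash_functions"]:
        violations.append("hash function not allowed")
    cn = req["common_name"]
    if not _ALLOWED_CHARS.match(cn):
        violations.append("common name has disallowed characters")
    elif cn.startswith(".") or cn.endswith("."):
        violations.append("name starts or ends with a period")
    elif not any(cn_matches(p, cn) for p in policy["common_names"]):
        violations.append("common name outside enforced domains")
    return violations


if __name__ == "__main__":
    # Constructed requests: one compliant, one violating key, hash and domain rules.
    good = {"key_type": "RSA", "bit_length": 2048, "hash": "SHA256",
            "common_name": "api.domain.com"}
    bad = {"key_type": "RSA", "bit_length": 1024, "hash": "SHA1",
           "common_name": "api.evil.com"}
    for r in (good, bad):
        print(r["common_name"], check_request(POLICY, r) or "compliant")
```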