Configuring Entrust

To configure the Entrust CA,

  1. Go to menu > KUBE+ > CLUSTER PKI > Certificate Authority
  2. Click the +Add icon on the top right of the page.
  3. Select the Entrust in the left side vendor list.
  4. Update the following details in the General Information section as described in the table:
    Table 1. General Information - Field Description Table
    Name Description
    *CA Account name

    A unique name to identify the CA setting.

    Note: No special characters other than ‘.’, ‘-’,’_’ are allowed. Names should not start with special characters.
    *Purpose/Usage

    Certificate Type for which CLM actions will be enabled.

    For example: Server and Client
    Proxy Required Enable this field if the CA communication needs to happen via Proxy. The proxy details configured in general settings will be used for communication.
    Data Center (AppViewX's CA agent) Select the data center through which the CA communication needs to happen.
    Note: The asterisk (*) symbol indicates a mandatory field.
  5. Update the following details in the CA Configuration section as described in the table. These fields are necessary for invoking the Entrust CA APIs for Certificate Management.
    Table 2. CA Configuration - Field Description Table
    Name Description
    *Client Authentication

    The client authentication certificate from Entrust for API communication.

    Note: Must be a valid <.p12> file.

    To generate an CSR within AppViewX refer to Generating a CSR and download the CSR. Further, upload the CSR to the Entrust homepage as described in section - XXXXX.
    *Base URL This URL will contain just the hostname of the Entrust CA instance. The value is https://api.entrust.net/enterprise/v2
    User Name Enter the API Username to communicate with the CA.
    Password Enter the API Password to communicate with the CA.
    Auto Approve Select the checkbox to avoid queuing of new certificates in the CA portal.
    Note: The asterisk (*) symbol indicates a mandatory field.
  6. Update the following details in the Advanced Settings section as described in the table.
    Table 3. Advanced Settings - Field Description Table
    Name Description
    Poll after CSR Submission A check box field when selected will fetch the certificated immediately after CSR Submission on enrollment, renew, and reissue of certificate with the retry count and retry frequency as described below.
    *Retry Count The number of times the polling will take place after CSR submission. Enter a value between 1 and 10.
    *Retry Frequency The duration of the polling. enter the value between 1 and 30seconds
    Note: The asterisk (*) symbol indicates a mandatory field.
  7. Click Fetch Custom Attributes.
    The attributes available for the CA account will be fetched from the Certificate Authority along with the CA and profile names.
    Note: The pop-up message is displayed as CA and profiles fetched.
  8. Click Save.
    The created Entrust configuration settings will be added.
    Note: The pop-up message is displayed as <CA_name> Settings Added.