Configuring Microsoft Enterprise CA

To configure the Microsoft enterprise CA,

  1. Go to menu > KUBE+ > CLUSTER PKI > Certificate Authority
  2. Click the +Add icon on the top right of the page.
  3. Select the Microsoft in the left side vendor list, and then click the Enterprise tab.
  4. Update the following details in the General Information section as described in the table:
    Table 1. General Information - Field Description Table
    Name Description
    *CA Account name

    A unique name to identify the CA setting.

    Note: No special characters other than ‘.’, ‘-’,’_’ are allowed. Names should not start with special characters.
    *Purpose/Usage Certificate Type for which CLM actions will be enabled. Example. Server, Client, Code Signing
    Proxy Required Enable this field if the CA communication needs to happen via Proxy. The proxy details configured in general settings will be used for communication.
    Data Center (AppViewX's CA agent) Select the data center through which the CA communication needs to happen.
    Note: The asterisk (*) symbol indicates a mandatory field.
  5. Update the following details in the CA Configuration section as described in the table.
    Table 2. CA Configuration - Field Description Table
    Name Description
    *Windows Gateway URL Enter the URL where the AppViewX agent is running.
    *Windows Gateway Type The mode of communication types from Windows Gateway machine to CA machine. Available types are NATIVE API, POWERSHELL, WMI. Refer Communication Mode
    Client Authentication Certificate The client certificate used while installing Windows Gateway. Users can use the default client certificate (ClientCertificateGateway.pfx) or the custom certificate given by the Customer.
    *Credential Type

    Type of credential to be used. Either Manual Entry or Credential List.

    Username User name of the credentials.
    Password Password for the username.
    Note: The asterisk (*) symbol indicates a mandatory field.
  6. Click Fetch CA Names to retrieve CAs accessible from Windows Gateway installed machine.
    Upon successful completion of Fetch CA Names, all reachable CAs listed in Select CA.
  7. Click on one specific CA and proceed.
    Table 3. Dynamic Fields for the Select CA Section
    Name Description
    Select CA All the reachable CAs are listed here.
    *CA Machine Hostname Host name of the CA Machine will be auto-filled.
    *CA Name Name of the CA chosen which will be auto-filled.
    CA Manager Approval Approves the pending enroll / Renew request submitted from AppViewX Certificate.
    *Time Zone To perform scheduled and Optimized CA discovery, please provide time zone value.
    Note: The asterisk (*) symbol indicates a mandatory field.

Using Native API

Using Powershell and WMI
  1. Configure the Template Details.
    Once CA is selected from the Select CA list, the Template details should have auto-filled.
    Note: If the desired template is not listed, it might not be published in AD. Users can add it manually through MS Template name and OID fields.

  2. In the Template Details section, select/enter the details.

  3. Click Save.