Configuring Policy for Amazon CA

To configure an Amazon CA policy:

  1. Go to menu > KUBE+ > Groups & Policies > CA Policy.
    On the CA Policy page, the configured policies are displayed, if any.
    Note: KUBE+ is packaged with default policies: Default and Certificate-Gateway.
  2. Click + Create on the top-right of the page.
  3. Refer to Configuring Policy Details to configure the following:
    • Policy Details section
    • Group Selection section
    • Compliance Check section
  4. On the CA Policy: Create page, click Amazon under the CA details on the left side of the screen.
    Table 1. CA Details for Amazon Policy
    Name / Description
    *CA Accounts
        The Amazon CA accounts configured in the CA settings screen are listed. Select a CA account from the list to create the policy.
    Note: The asterisk (*) symbol indicates a mandatory field.
  5. Click Add.
  6. To delete the configuration, use the delete icon next to the CA account.
    Table 2. Field and Description for Certificate Parameter
    Field / Description
    Host Name
        Enter the host name.
    Allowed Domain Names
        As you type the domain name, the matching domain names are displayed. Select the desired domain names.
    Common Name
        You can provide the common name. For example, *.domain.com

        It helps enforce the domains for which a certificate can be requested. Common Name is enforced while performing certificate request operations such as New, Renew, and Regenerate.

        Note: Use an asterisk (*) for the host part of the FQDN to enforce the domain. For example, *.domain.com allows users to request certificates only with domain.com. Allowed special characters: asterisk (*), hyphen (-), period (.)
    Subject Alternative Name
        You can provide the subject alternative name (SAN).

        It helps enforce additional domains for which a certificate can be requested. Subject Alternative Name is enforced while performing certificate request operations such as New, Renew, and Regenerate.

        Note: Use an asterisk (*) for the host part of the FQDN to enforce the domain. For example, *.domain.com allows users to request certificates only with the domain domain.com. Allowed special characters: asterisk (*), hyphen (-), period (.), at (@)
  7. Click Save CA Details to save the configuration. A green tick mark will be displayed in the Certificate Authority pane against the Amazon option to indicate the details are successfully stored.
  8. Click Create Policy.
    The policy is created and a confirmation message displays.
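
The following is an added example, not KUBE+ code: a pre-submission check that tests a request's Common Name and SAN entries against patterns of the form used in Table 2, so that names the policy would not cover are caught before the request is made. The function names are hypothetical, and the matching rule is an assumption: the asterisk stands for exactly one host label, so the bare domain and deeper subdomains do not match.

```python
import re

# Special characters the page lists as allowed: CN takes * - . and SAN adds @
CN_SPECIALS = "*-."
SAN_SPECIALS = "*-.@"
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")

def pattern_is_well_formed(pattern, specials):
    """ASCII letters/digits plus the listed specials; '*' only as the whole host label."""
    if not pattern:
        return False
    if any(not (c.isascii() and c.isalnum()) and c not in specials for c in pattern):
        return False
    host, _, rest = pattern.partition(".")
    if "*" in rest:
        return False
    return "*" not in host or (host == "*" and rest != "")

def name_matches(pattern, name):
    """Assumed semantics: '*' covers exactly one host label; otherwise exact match."""
    pattern, name = pattern.lower(), name.lower().rstrip(".")
    if not pattern.startswith("*."):
        return name == pattern
    suffix = pattern[1:]                      # e.g. ".domain.com"
    if not name.endswith(suffix):
        return False
    # What remains in front of the suffix must be a single valid DNS label.
    return LABEL.fullmatch(name[: -len(suffix)]) is not None

def violations(common_name, sans, cn_pattern, san_pattern):
    """Return the requested names the patterns do not cover (empty list = compliant)."""
    bad = []
    if not name_matches(cn_pattern, common_name):
        bad.append(("CN", common_name))
    bad += [("SAN", s) for s in sans if not name_matches(san_pattern, s)]
    return bad

# Constructed sample request, checked against the page's example pattern.
if __name__ == "__main__":
    print(violations("www.domain.com",
                     ["api.domain.com", "domain.com.other.example", "a.b.domain.com"],
                     "*.domain.com", "*.domain.com"))
```

The suffix comparison includes the leading period, so a look-alike such as domain.com.other.example is rejected rather than matched on a substring.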