Enabling AppViewX Signer

AppViewX Signer, a subcomponent of cert-orchestrator deployed in the Kubernetes cluster, addresses a real-world challenge with Istio: it signs workload certificates with a trusted CA and installs the trust anchor within the cluster in an auto-enrolled fashion.

2 Steps to Enable Zero Trust Security for Containers Using mTLS Certificates

  1. Enforce PKI policies to ensure the use of compliant CAs and strong cryptographic standards in your service mesh configuration.

  2. Enable External CA signing mode in your service mesh configuration so that workloads receive mTLS certificates signed by your enterprise PKI.

Steps to Enable a Signer for mTLS Certificate Issuance

To enable Signer for mTLS certificate issuance for your cluster, follow the steps below.

  1. Onboard Cluster - Deploy / enable AppViewX Signer as a part of the KUBE+ component (cert-orchestrator).

  2. Policy Enforcement - Define and enforce CA and Cluster Policy.

  3. Onboard Mesh - Configure CSR signing mode and the Certificate Authority to be used in Service Mesh.

  4. Enable External CA Mode - Configure Service Mesh to External CA mode for CSR signing.
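
For steps 3 and 4, the following added example (not AppViewX's or this page's own configuration) shows what external CA mode looks like on the Istio side when istiod forwards workload CSRs to a signer through the Kubernetes CSR API. It assumes the signer is exposed that way, which this page does not state. The signer name `signer.example.com/mesh-ca`, the CA certificate body and the `istio-system` install namespace are placeholders.

```yaml
# Added illustration using Istio's Kubernetes CSR integration settings.
# Placeholders (assumptions): signer.example.com/mesh-ca, the PEM body,
# and an Istio control plane installed in the istio-system namespace.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    pilot:
      env:
        # istiod acts as a registration authority: it submits workload CSRs
        # to the Kubernetes CSR API instead of signing with its built-in CA.
        EXTERNAL_CA: ISTIOD_RA_KUBERNETES_API
  meshConfig:
    defaultConfig:
      proxyMetadata:
        # Signer requested by workload proxies, relative to CERT_SIGNER_DOMAIN.
        ISTIO_META_CERT_SIGNER: mesh-ca
    caCertificates:
      # Trust anchor for the external signer. Workloads validate peer mTLS
      # certificates against this root, so it must be the CA that really signs.
      - pem: |
          -----BEGIN CERTIFICATE-----
          <PLACEHOLDER: enterprise root CA certificate>
          -----END CERTIFICATE-----
        certSigners:
          - signer.example.com/mesh-ca
  components:
    pilot:
      k8s:
        env:
          - name: CERT_SIGNER_DOMAIN
            value: signer.example.com
          # Also obtain istiod's own serving certificate from the same signer.
          - name: PILOT_CERT_PROVIDER
            value: k8s.io/signer.example.com/mesh-ca
        overlays:
          # Least privilege: allow istiod to approve CSRs for this signer
          # domain only, not for every signer in the cluster.
          - kind: ClusterRole
            name: istiod-clusterrole-istio-system
            patches:
              - path: rules[-1]
                value: |
                  apiGroups: ["certificates.k8s.io"]
                  resources: ["signers"]
                  resourceNames: ["signer.example.com/*"]
                  verbs: ["approve"]
```

After applying such a configuration, inspecting the issuer of a workload's certificate chain confirms that it now chains to the enterprise CA rather than to istiod's self-signed root.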