For PKIaaS Native Initialization

  1. Go to (Menu) icon > PKI+ > Settings.
    The Settings page appears.
  2. Enter the fields as described in the table.
    Table 1. Field Description for General Settings section
    Field Description
    Key Ceremony Admins Select two key ceremony administrators.
    Note:
    • Only the default administrators can add key ceremony administrators.
    • If key ceremony administrators are configured, only they have the authority to add or remove custodians. However, key ceremony administrators cannot be designated as custodians themselves.
    • SSO users cannot be key ceremony administrators.
    Issued certificate status in CERT inventory Select any of the options:
    • Managed: Certificates issued via AppViewX PKIaaS are added in the inventory as Managed.
    • Monitored: This is the default selection. Certificates that are auto-enrolled are added in the inventory as Monitored.
    Note: Fields marked with red asterisk (*) symbol are mandatory.
  3. Click Save.
  4. Upload the CPS document.
    Table 2. Fields for CPS Upload section
    Field Description
    *Upload CPS A CPS (Certification Practice Statement) is a comprehensive document that defines the practices, procedures, and responsibilities of a Certificate Authority (CA) in issuing and managing digital certificates. It offers transparency into the CA's operations, detailing how certificates are requested, validated, issued, renewed, revoked, and how the CA ensures the security and integrity of these processes.

    The CPS is a critical element in PKI that establishes the trust framework governing the CA's activities. It is especially important for auditors, relying parties (those who verify certificates), and relying organizations to understand the CA’s operational procedures, security safeguards, and risk management strategies.

    CP and CPS are configurable under templates as per the customer policies. Customers can also upload their CPS document (.pdf) to PKIaaS for hosting. In this case, the CPS URL will be auto generated while template configuration. The certificate policy link present in the template will be part of the issued certificate's policy extension.
    Note: If you are using AppViewX to host, then by default the URI is generated for the template that is reflected in the certificate, so the default URI has to be retained as is. If any changes are made, then those changes will be reflected in the certificate and the CPS will not be hosted.
    Note: Field marked with red asterisk (*) symbol are mandatory.