Prerequisites
On-premise deployments using AppViewX PKIaaS Native CA
- Ensure these plugins are available:
  - avx-pkiaas-ca-server
  - avx-pkiaas-cert-ocsp-server
  - avx-pkiaas-cert-ocsp-generator
  - avx_platform_gateway_external
  - avx_vendor_cert_scep_agent
- Ensure these plugins are enabled and are up and running.
- OCSP HTTP Response Verification
  - Use the following command to verify the presence of the required service port:
    ```bash
    kubectl get svc -A | grep "avx-platform-gateway-scep"
    ```
  - Ensure that port 30022 is listed. This port is critical for serving OCSP HTTP responses, which are used to check certificate statuses.
- Configure an SMTP server that has been tested successfully, so that test emails can be sent to the custodian email addresses.
- Provide a CA name for reference and activate it by going to (Menu) icon > CERT+ > Administration > Certificate Authority.
- Onboard at least two custodians before creating the CA hierarchy. You can complete the addition of custodians by going to (Menu) icon > PKI+ > Custodian Management, with the following privileges under RBAC roles and resources:
  - Roles automation > service request full
  - PKI > view all (optional)
  - Resources > workflow studio, workflow request > PKI+, approval_request

  Note: No CA action is possible until at least two active custodians are in the system.
- Network Prerequisites
  - All infrastructure network devices must be able to connect to the AppViewX nodes on 31443 (for Web, API calls, CRL).
  - All infrastructure devices must be able to connect to the AppViewX nodes on 30022 (for OCSP and SCEP).
  - AppViewX must be able to connect to the SMTP server to send test emails to the custodian email addresses.
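
The OCSP HTTP Response Verification step above relies on reading the `grep` output by eye. The following added example (not AppViewX's own tooling) checks the PORT(S) column programmatically, so that a 30022 belonging to a different service is not mistaken for a pass. It assumes the default `kubectl get svc -A` table columns; the sample rows, namespace, IP addresses and internal port numbers are constructed.

```bash
#!/bin/sh
# Added example: confirm that the service matched by the page's grep
# pattern actually lists port 30022 in its PORT(S) column.
# Assumed column order (default kubectl table output):
#   NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

SVC_PATTERN="avx-platform-gateway-scep"   # pattern from the page's grep
REQUIRED_PORT=30022                       # OCSP/SCEP port from the page

# Reads `kubectl get svc -A` output on stdin. Exit status:
#   0 = a matching service lists REQUIRED_PORT
#   1 = a matching service exists but does not list the port
#   2 = no service name matches SVC_PATTERN
check_scep_port() {
  awk -v pat="$SVC_PATTERN" -v want="$REQUIRED_PORT" '
    index($2, pat) {
      found = 1
      n = split($6, specs, ",")            # e.g. "8080:30022/TCP,9090/TCP"
      for (i = 1; i <= n; i++) {
        sub(/\/.*/, "", specs[i])          # drop the "/TCP" suffix
        m = split(specs[i], nums, ":")     # "port:nodePort" or just "port"
        for (j = 1; j <= m; j++)
          if (nums[j] == want) ok = 1
      }
    }
    END { if (ok) exit 0; exit (found ? 1 : 2) }
  '
}

# Constructed sample output (namespace, IPs and 8080/443 are made up).
SAMPLE_SVC='NAMESPACE  NAME                       TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)         AGE
avx        avx-platform-gateway-scep  NodePort  10.96.14.7  <none>       8080:30022/TCP  12d
avx        avx-platform-gateway       NodePort  10.96.20.3  <none>       443:31443/TCP   12d'

if printf '%s\n' "$SAMPLE_SVC" | check_scep_port; then
  echo "OK: $SVC_PATTERN lists port $REQUIRED_PORT"
else
  echo "FAIL: $SVC_PATTERN does not list port $REQUIRED_PORT"
fi

# Against a live cluster:
#   kubectl get svc -A | check_scep_port
```

A status of 1 means the service is deployed but exposes a different port, while 2 means the gateway service was not found at all.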