Client

Client certificate inventory is where all the client certificates with the EKU (Extended/enhanced Key Usage) Client authentication will be present.

In this release, renewals and regenerations of the client certificates are only supported through the Cert-Orchestrator, which is part of the in-cluster component of KUBE+.

To go to Client certificate inventory page, go to menu > KUBE+ > VISIBILITY > Client.

The following table describes the options available on the server certificate inventory page:
Table 1. Options available on the Client Certificate page
Options Description
Allows you to switch between the view by clicking the toggle button.
Groups Expanding this dropdown displays the certificate groups and the number of certificates in each group. Selecting a group will display the filtered list of certificates.
Filter Summary Displays the status of certificates according to expiry, compliance, validity, and so on.
Advanced Search

Allows you to perform a quick search for specific data. Clicking on the search bar dropdown opens the Advanced Search window.

To find the preferred server certificate, perform any of the following:

  1. Choose the CAs from the Certificate Authority dropdown menu.

  2. Enter the desired search terms in the Common Name, Serial Number, or Issuer Common Name field.

  3. Select a certificate attribute from the dropdown list and if required add more certificate attributes to the search criteria by clicking the Add Certificate Attribute.

  4. Click Search.

The matching server certificates are displayed on the Server Certificate page.
Actions

Displays the list of actions you can perform on the certificates.

  • Export Certificates

  • Download Certificates

  • Delete

  • Change Status

  • Assign Group

  • Unassign Group

  • Add/Modify Comments

  • Certificate Attributes

  • Renew Certificate

  • Revoke Certificate

  • CA Switch

  • Revocation Check
Columns Allows you to select the columns to be displayed on the Server Certificate inventory page.
Number of Rows per Page Hover the mouse over the number of row displayed on the page, the Show popup opens and choose the no. of rows to be displayed on the page.
Allows to switch between the certificate inventory pages.
Allows to refresh the certificate inventory data.
The Client Certificate inventory list includes the following information:
Table 2. Column and Description Table
Column Name Description
Common Name The common name of the certificate.
Discovery Source The source from which a certificate management system discovers and retrieves information about certificates
Serial Number A unique identifier assigned to the certificate by the CA during the issuance process.
Group The certificate group name.
Issuer Common Name Issuer name of the certificate.
Valid To (GMT) The expiration date and time of a certificate, expressed in Greenwich Mean Time (GMT).
Status The status of the certificate.
Certificate Authority Name of the Certificate Authority (CA).
Kube Attributes Kubernetes Attributes to identify certificates linked to specific objects, namespaces, and clusters.

All

This inventory displays all CLM-issued, discovered, or uploaded Client Authentication certificates.

Ingress Certificates

Certificates discovered from Kubernetes secrets and secrets associated with kubernetes ingresses are classified as Ingress certificates.

Infrastructure Certificates

Certificates discovered from Kubernetes control plane components via feature gate “Discover K8’s Infra Certificates” are classified as Infrastructure certificates.

ServiceMesh

KUBE+ provides the feature gate to secure pod-pod communication in a Kubernetes service mesh infrastructure with mTLS certificates signed by Enterprise PKI. If the feature gate “Enable mTLS certificates for Service Mesh” is enabled the mTLS certificates signed by AppViewX will be classified as Service Mesh certificates.

Others

Certificates discovered from Kubernetes secrets and not associated with any ingresses (or) which does not classify into any of the above categories will be classified as Other certificates.