Google CA

Prerequisites

Following are the prerequisites for configuring a Google CA account in AppViewX:

  • A Google client certificate or Google client authentication JSON for a user having necessary access for enrolling the certificates and for other Certificate Lifecycle Management(CLM) operations.
  • AppViewX servers should either have internet access or have a proxy configured in AppViewX general settings.
  • The URL https://www.googleapis.com should be reachable from AppViewX.

Configuring Google

To configure the Google CA:

  1. Go to menu > KUBE+ > CLUSTER PKI > Certificate Authority.
  2. Click the +Add icon on the top right of the page.
  3. Select the Google in the left side vendor list.
  4. Click the +Add icon on the top right of the page.
    The Google configuration page is displayed.
  5. Update the following details in the General Information section as described in the table:
    Table 1. General Information - Field and Description Table
    Name Description
    *CA Account name

    A unique name to identify the CA setting.

    Note: No special characters other than ‘.’, ‘-’,’_’ are allowed. The name should not start with special characters.
    *Purpose/Usage Certificate Type for which CLM actions will be enabled. For example, Server and Client
    Proxy Required Enable this field if the CA communication needs to happen via Proxy. The proxy details configured in general settings will be used for communication.
    Data Center (AppViewX's CA agent) Select the data center through which the CA communication needs to happen.
    *: Mandatory fields
  6. Configure it either Certificate Upload or JSON Upload. These fields are necessary for invoking the Google CA APIs via Certificate Upload for Certificate Management. Select the Certificate Upload check box,
    Table 2. CA Configuration - Field and Description Table
    Options Description
    *Certificate and Key Client authentication certificate for API communication.
    *Email address Email address of the user
    *Project Id ID of the project
    *: Mandatory fields
  7. Select the JSON Upload check box and configure a CA. Click the Upload button to upload the JSON file.
  8. Click Validate and Fetch. The issuer names available for the CA account will be fetched along with the validity of the issuers from the Certificate Authority.
  9. Click Save.

Validating Google

Once the Google settings are added validation needs to be done to check whether the connection between AppViewX and Google is properly configured. To validate the Google CA,

  1. Go to menu > KUBE+ > CLUSTER PKI > Certificate Authority
  2. Select the Google in the left side vendor list
    The newly created and older settings are displayed in the grid.
  3. Click Check to validate the CA setting that is created.
    CA communication is validated and the Connection Status is shown as either Success or Failure.