Configuring Policy Details

To configure a policy:

  1. Go to menu > KUBE+ > Groups & Policies > CA Policy.
    On the CA Policy page, the configured policies are displayed, if any.
    Note: KUBE+ is packaged with default policies they are Default and Certificate-Gateway.
  2. Click on the menu bar.
  3. On the CA Policy : Create page, enter/select the field information for the Policy Details section.
    Table 1. Field and Description for the Policy Details Section
    Name Description
    *Policy name

    Provide a unique name to identify the CA policy name.

    Note: No special characters other than ‘.’, ‘-’,’_’ are allowed. The name should not start with special characters.
    Description Provide a description of the policy.
    *Policy Enforcement Type
    Select a policy enforcement type. The options are:

    • Strict (default) - This enforces the standards defined in the policy where a user cannot modify any parameters.

    • Suggestive - This suggests users with policy parameters. A user can modify suggested values if required.
    Certificate Requests Need Approval When enabled, it will enforce the peer approval process for any requests made for new/renew/regenerate/reissue or revocation of certificates. Peer approving the request is defined in the approval workflow.
    Enable Access to Private Key When enabled allows the user to download private keys from the holistic view.
    Enable certificate push-bind access for a read-only user Enabling the option might allow the user with the read-only user group to perform certificate push, bind, and rollback operations from the holistic view.
    Validate issuer and root certificate for compliance Enabling the option would validate if the Issuer and Root of the certificate are also compliant with the standard defined in the policy.
    *: Mandatory fields
  4. In the CA details, select a certificate authority, fill the necessary details, and then click Save CA Details.
  5. In the Group selection section, select a group(s) to apply the policy to all the certificates for the selected group.
    Note: Additionally, you can find the preferred group(s) by entering the search key word in the Search field. The search key words can be added as Favorites for future use.
  6. In the Compliance Check section, you can enable the Perform Compliance check option to perform an immediate compliance check.
    Note: Scheduled Compliance check will run periodically based on the Job scheduler settings.
  7. Click Create Policy.