EJBCA CA

Prerequisites

The following are the prerequisites for configuring an EJBCA account in AppViewX:
  • An EJBCA client certificate for a user who has the necessary access to enroll certificates and perform other CLM operations.
  • The AppViewX server should either have internet access or have a proxy configured in the AppViewX general settings.

Configuring EJBCA

To configure the EJBCA CA:

  1. Go to menu > KUBE+ > CLUSTER PKI > Certificate Authority.
  2. Click the +Add icon on the top right of the page.
  3. Select EJBCA in the vendor list on the left.
  4. Update the following details in the General Information section as described in the table:
    Table 1. General Information - Field and Description Table
    Options | Description
    *CA Account name | A unique name to identify the CA setting. Note: No special characters other than ‘.’, ‘-’, ‘_’ are allowed. Names should not start with special characters.
    *Purpose/Usage | Certificate Type for which CLM actions will be enabled. Example: Server, Client.
    Proxy Required | Enable this field if the CA communication needs to happen via Proxy. The proxy details configured in general settings will be used for communication.
    Data Center (AppViewX's CA agent) | Select the data center through which the CA communication needs to happen.
    *: Mandatory fields
  5. Update the following details in the CA Configuration section as described in the table. These fields are necessary for invoking the APIs for Certificate Management.
    Table 2. CA Configuration - Field and Description Table
    Options | Description
    *Client Authentication | Client authentication certificate for API communication. Enter the valid password once the Authentication Details window is displayed, then click OK. Note: Must be a valid .p12 or .pfx file.
    *URL | EJBCA URL
    *Discover by expiry days | Fetches all certificates that are expired and those that are valid for the specified number of days. Note: Must be a number.
    End entity profile names | Required end entity profiles for the CA setting.
    Custom attributes | Required custom attributes for the specific end entity profile. Note: Validation can be added by the user in the regex box.
    *: Mandatory fields
  6. Click Validate and Fetch.
    The End entity profiles available for the CA account will be fetched along with the certificate profile from the Certificate Authority.
  7. Update the following details in the Certificate Attributes section as described in the table:
    Table 3. Certificate Attributes Section - Field and Description Table
    Options | Description
    *End Entity Profile Names | Select the profile that is used for certificate enrollment from the dropdown list.
    Custom Attributes | Select the list of attributes configured in the CA for enrolling certificates.
    Note:
    • *: Mandatory fields
    • Custom attributes should be configured exactly as they appear in the EJBCA portal.
  8. Click Save.
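
The Client Authentication field in step 5 requires a valid .p12 or .pfx file and its password, so the bundle can be checked locally before it is uploaded. The script below is an added example, not part of the AppViewX or EJBCA documentation; the function name check_p12, its return codes, the P12_PASSWORD variable and the 30-day default are assumptions of the example. It uses the openssl command-line tool.

```shell
#!/usr/bin/env bash
# check_p12 FILE PASSWORD [MIN_DAYS]   (hypothetical helper, not an AppViewX/EJBCA tool)
# Return codes: 0 usable, 1 wrong extension or cannot be opened with this password,
#               2 no private key, 3 expires within MIN_DAYS, 4 not valid for TLS client auth.
check_p12() {
  local file="$1" pass="$2" min_days="${3:-30}" cert
  case "$file" in
    *.p12|*.pfx) ;;
    *) echo "not a .p12/.pfx file: $file" >&2; return 1 ;;
  esac
  # The password is passed through the environment, not argv, so it is not visible in `ps`.
  # Extract the client (leaf) certificate; a wrong password or corrupt bundle yields nothing.
  cert=$(P12_PASS="$pass" openssl pkcs12 -in "$file" -passin env:P12_PASS \
           -clcerts -nokeys 2>/dev/null | openssl x509 2>/dev/null) || true
  if [ -z "$cert" ]; then
    echo "cannot read a certificate from $file (bad password or not PKCS#12)" >&2
    return 1
  fi
  # The bundle must carry the private key, or client authentication cannot work.
  # -nodes writes the key only into the pipe to grep; nothing is stored on disk.
  if ! P12_PASS="$pass" openssl pkcs12 -in "$file" -passin env:P12_PASS \
         -nocerts -nodes 2>/dev/null | grep -q 'PRIVATE KEY'; then
    echo "no private key in $file" >&2
    return 2
  fi
  # -checkend exits non-zero if the certificate expires within the given number of seconds.
  if ! printf '%s\n' "$cert" \
       | openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "certificate expires within $min_days days" >&2
    return 3
  fi
  # -purpose reports whether key usage and EKU permit use as a TLS client certificate.
  if ! printf '%s\n' "$cert" | openssl x509 -noout -purpose \
       | grep -q '^SSL client : Yes'; then
    echo "certificate is not valid for TLS client authentication" >&2
    return 4
  fi
  # Print the identity details to compare against the EJBCA user the account should use.
  printf '%s\n' "$cert" | openssl x509 -noout -subject -issuer -enddate
}

# Direct use: P12_PASSWORD=... ./check_p12.sh client.p12 [MIN_DAYS]
if [ $# -ge 1 ]; then
  check_p12 "$1" "${P12_PASSWORD:?set P12_PASSWORD}" "${2:-30}"
fi
```

A non-zero result identifies which property of the bundle to fix before entering it in the Client Authentication field.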

Validating EJBCA

Once the EJBCA settings are added, validate that the connection between AppViewX and EJBCA is properly configured.

  1. Go to menu > KUBE+ > CLUSTER PKI > Certificate Authority.
  2. Select EJBCA in the vendor list on the left.
  3. Click Check to validate the CA setting that has been created.
    The CA communication will be validated and the Connection Status will be shown as either Success or Failure.