InCommon CA

Prerequisites

Following are the prerequisites for configuring InCommon CA account in AppViewX:
  • InCommon Certificate Manager credentials having necessary access for enrolling the certificates.
  • AppViewX server should either have internet access or have a proxy configured in AppViewX general settings. Check Proxy Setup for the steps to configure the proxy. https://adminguide.appviewx.com/proxy-4
  • Username and Password as set up in the Certificate Manager tool.
  • An OrgID as provided by InCommon Certificate Manager.
  • The login URL and URI.

Configuring InCommon CA

To configure the InCommon CA:

  1. Go to menu > KUBE+ > CLUSTER PKI > Certificate Authority.
  2. Click the +Add icon on the top right of the page.
  3. Select the InCommon in the left side vendor list.
  4. Update the following details in the General Information section as described in the table:
    Table 1. General Information - Field and Description Table
    Name Description
    *CA Account name

    A unique name to identify the CA setting.

    Note: No special characters other than ‘.’, ‘-’,’_’ are allowed. The name must not start with special characters.
    *Purpose/ Usage

    Certificate Type for which CLM actions will be enabled. For example, Server, Client.
    Proxy Required Enable this field if the CA communication needs to happen via Proxy. The proxy details configured in general settings will be used for communication.
    Data Center (AppViewX's CA agent) Select the data center through which the CA communication needs to happen.
    *: Mandatory fields
  5. Update the following details in the CA Configuration section as described in the table. These fields are necessary for invoking the InCommon CA APIs for Certificate Management.
    Table 2. CA Configuration - Field and Description Table
    Name Description

    *Base URL

    This URL will contain just the hostname of the InCommon CA instance. For example, https://cert-manager.com/customer/<<customer_uri>>/ssl- here base URL is https://cert-manager.com.

    Note: No special characters other than ‘.’, ‘-’,’_’ are allowed. The name must not start with special characters.
    *Login URL URI specific to the InCommon CA Customer Account. For example, https://cert-manager.com/customer/<<customer_uri>>/ssl- here URI is customer_uri.
    *User Name User name for the account created with InCommon CA.
    *Password Password for the account created with InCommon CA.

    *Organization ID

    		InCommon supports organization hierarchy. Id of the Organization Unit/Department in which Certificates need to be managed has to be specified here. CLM actions done using this CA account will be specific to this particular organization's id/department.
    Note:

    • *: Mandatory fields

    • If the certificates from multiple organization's units/departments need to be managed, then a separate CA has to be configured for each organization unit/department in the InCommon CA setting page.
  6. Select Fetch Certificate Types.
    The Certificate types available for the CA account will be fetched from the Certificate Authority.
  7. Click Save.

Validating InCommon CA

Once the InCommon settings are added validation needs to be done to check whether the connection between AppViewX and InCommon is properly configured. To validate the InCommon CA,

  1. Go to menu > KUBE+ > CLUSTER PKI > Certificate Authority
  2. Select the InCommon in the left side vendor list
    The newly created and older settings are displayed in the grid.
  3. Click Check to validate the CA setting that has been created.
    The CA communication will be validated and the Connection Status will be shown as either Success or Failure.