Let’s Encrypt CA

Prerequisites

Following are the prerequisites for configuring Let’s Encrypt CA account in AppViewX:

AppViewX server should either have internet access or have a proxy configured in AppViewX general settings. Check Proxy Setup for the steps to configure proxy. https://adminguide.appviewx.com/proxy-4
Any one of the following Let’s Encrypt certificate enrolment URL as per requirement :
1. https://acme-staging-v02.api.letsencrypt.orgfor staging.
2. https://acme-v02.api.letsencrypt.org for production.

Configuring Let’s Encrypt CA

To configure the Let's Encrypt CA:

Go to menu > KUBE+ > CLUSTER PKI > Certificate Authority.
Click the +Add icon on the top right of the page.
Select the Let's Encrypt in the left side vendor list.

Update the following details in the General Information section as described in the table:

Table 1. General Information - Field and Description Table
Name	Description
*Name	A unique name to identify the CA setting. Note: No special characters other than ‘.’, ‘-’,’_’ are allowed. The name must not start with special characters.
*Purpose/Usage	The certificate types will be managed by these settings. For now, Let’s Encrypt is having only one purpose Server.
Proxy Required	Enable this field if the CA communication needs to happen via Proxy. The proxy details configured in general settings will be used for communication.
Data Center (AppViewX's CA agent)	Select the data center through which the CA communication needs to happen.
*: Mandatory fields

Update the following details in the CA Configuration section as described in the table. These fields are necessary for invoking the Let’s Encrypt CA APIs for Certificate Management.

Table 2. CA Configuration - Field and Description Table
Name	Description
*Base URL	Let’s Encrypt certificate enrolment URL either staging or production based on the requirement.
*Email ID(s)	Enter email ID(s) in this field to receive notifications from Let's Encrypt. Multiple email ID must be separated by comma (,).
*: Mandatory fields

Click Save.

Validating Let’s Encrypt

Once the Let’s Encrypt settings are added validation needs to be done to check whether the connection between AppViewX and Let’s Encrypt is properly configured. To validate the Let's Encrypt CA,

Go to menu > KUBE+ > CLUSTER PKI > Certificate Authority
Select the InCommon in the left side vendor list
The newly created and older settings are displayed in the grid.
Click Check to validate the CA setting that has been created. The CA communication will be validated and the Connection Status will be shown as either Success or Failure.