OpenTrust CA

Configuring OpenTrust CA

To configure the OpenTrust CA:

  1. Go to menu > KUBE+ > CLUSTER PKI > Certificate Authority.
  2. Click the +Add icon on the top right of the page.
  3. Select the OpenTrust in the left side vendor list.
  4. Update the following details in the General Information section as described in the table:
    Table 1. General Information - Field and Description Table
    Name Description
    *CA Account name

    A unique name to identify the CA setting.

    Note: No special characters other than ‘.’, ‘-’,’_’ are allowed. Names should not start with special characters.
    *Purpose/Usage

    Certificate Type for which CLM actions will be enabled.

    For example: Server and Client
    Proxy Required Enable this field if the CA communication needs to happen via Proxy. The proxy details configured in general settings will be used for communication.
    Data Center (AppViewX's CA agent) Select the data center through which the CA communication needs to happen.
    *: Mandatory fields
  5. Update the following details in the CA Configuration section as described in the table. These fields are necessary for invoking the OpenTrust CA APIs for Certificate Management.
    Table 2. CA Configuration - Field and Description Table
    Name Description
    *Client Authentication

    Client authentication certificate for API communication.

    Note: Must be a valid <.p12> file.
    *Base URL This URL will contain just the hostname of the OpenTrust CA instance. Eg - https://api.opentrust.net/enterprise/v2
    *: Mandatory fields
  6. Click Fetch CA and Profile Names.
    The attributes available for the CA account will be fetched from the Certificate Authority along with the CA and profile names.
    Note: The pop-up message is displayed as CA and profiles fetched.
  7. Click Save.
    The created OpenTrust configuration settings will be added.
    Note: The pop-up message is displayed as <CA_name> Settings Added.

Validating OpenTrust Connection

Once the OpenTrust settings are added, validation needs to be done to check whether the connection between AppViewX and OpenTrust is properly configured.

To validate the OpenTrust connection,

  1. Go to menu > KUBE+ > CLUSTER PKI > Certificate Authority
  2. Select the OpenTrust in the left side vendor list.
  3. Click Check to validate the CA setting that has been created.

    The CA communication will be validated and the Connection Status will be shown as either Success or Failure.