Server
Server certificate inventory is where all the server certificates with the EKU (Extended/enhanced Key Usage) Server authentication will be present.
In this release, renewals and regenerations of the server certificates are only supported through the Cert-Orchestrator, which is part of the in-cluster component of KUBE+.
To go to Server certificate inventory page, go to menu > KUBE+ > VISIBILITY > Server.
| Options | Description |
|---|---|
 |
Allows you to switch between the view by clicking the toggle button. |
| Groups | Expanding this dropdown displays the certificate groups and the number of certificates in each group. Selecting a group will display the filtered list of certificates. |
| Filter Summary | Displays the status of certificates according to expiry, compliance, validity, and so on. |
| Advanced Search |
Allows you to perform a quick search for specific data. Clicking on the search bar dropdown opens the Advanced Search window. To find the preferred server certificate, perform any of the following:
The matching server certificates are displayed on the Server Certificate page. |
| Actions |
Displays the list of actions you can perform on the certificates.
|
| Columns | Allows you to select the columns to be displayed on the Server Certificate inventory page. |
| Number of Rows per Page | Hover the mouse over the number of row displayed on the page, the Show popup opens and choose the no. of rows to be displayed on the page. |
 |
Allows to switch between the certificate inventory pages. |
 |
Allows to refresh the certificate inventory data. |
| Column Name | Description |
|---|---|
| Common Name | The common name of the certificate. |
| Discovery Source | The source from which a certificate management system discovers and retrieves information about certificates |
| Serial Number | A unique identifier assigned to the certificate by the CA during the issuance process. |
| Group | The certificate group name. |
| Issuer Common Name | Issuer name of the certificate. |
| Valid To (GMT) | The expiration date and time of a certificate, expressed in Greenwich Mean Time (GMT). |
| Status | The status of the certificate. |
| Certificate Authority | Name of the Certificate Authority (CA). |
| Kube Attributes | Kubernetes Attributes to identify certificates linked to specific objects, namespaces, and clusters. |
All
This inventory displays all CLM-issued, discovered, or uploaded Server Authentication certificates.
Ingress Certificates
Certificates discovered from Kubernetes secrets and secrets associated with Kubernetes ingresses are classified as Ingress certificates. Similarly, certificates linked to OpenShift routes are also classified as Ingress certificates.
Infrastructure Certificates
Certificates discovered from Kubernetes control plane components via feature gate “Discover K8’s Infra Certificates” are classified as Infrastructure certificates.
ServiceMesh
KUBE+ provides the feature gate to secure pod-pod communication in a Kubernetes service mesh infrastructure with mTLS certificates signed by Enterprise PKI. If the feature gate “Enable mTLS certificates for Service Mesh” is enabled the mTLS certificates signed by AppViewX will be classified as Service Mesh certificates.
Others
Certificates discovered from Kubernetes secrets and not associated with any ingress (or) which does not classify into any of the above categories will be classified as Other certificates.