SwissSign CA

Prerequisites

The following values are needed to configure the SwissSign CA:

CA Base URL (the value is available in the UI field of the CA setting page)
Username
API key
AppViewX server should either have internet access or have a proxy configured in AppViewX general settings. Refer to the section Managing Proxy Settings in the Platform guides.

SwissSign issues the Username and API key. The SwissSign team manages user creation and access controls for users. Users must have a level of RAO (Registration Authority Officer) or higher to perform actions like issuing, revoking, updating, and viewing certificates.

Configuring SwissSign CA

Go to (Menu) > SIGN+ > ADMINISTRATION > Certificate Authority.
From the displayed CA, Select SwissSign.
The SwissSign home page is displayed.
Click the Configure Now button or +Add icon from the middle or top-right of the page respectively.
The SwissSign CA configuration page is displayed.

Update the following details in the General Information section as described in the table:

Table 1. General Information - Field Description Table
Fields	Description
*CA Account name	Enter a unique name in the text field to identify the CA account and be represented during certificate enrollment and policy creation. No special characters other than ‘.’, ‘-’,’_’ are allowed. Names should not start with special characters.
*Purpose/Usage	Select the purpose of the certificate from the dropdown list for which CLM actions will be enabled. Example: Server, Client
Proxy Required	Enable this field if the CA communication needs to happen via Proxy. The proxy details configured in general settings will be used for communication.
Data Center (AppViewX's CA agent)	Select the data center through which the CA communication needs to happen.
: Mandatory fields*

Update the following details in the CA Configuration section as described in the table. These fields are necessary for invoking the CSC Global CA APIs for Certificate Management:

Table 2. CA Configuration - Field Description Table
Fields	Description
*CA Base URL	Enter the base URL that will be used to construct the API request. The value is https://api.ra.swisssign.ch
*Username	Enter the service account username to communicate with the RA.
*API Key	Enter the API key which is a unique identifier used to authenticate the user. The value entered will be masked and encrypted.
: Mandatory fields*

Click Fetch Clients and Products.
If the data provided is accurate the success message “Clients and Products fetched successfully“ will be displayed and a table is displayed with two columns - Client and Product Name (the product name is similar to the certificate profile).

Update the following details in the Advanced Settings section as described in the table.

Table 3. Advanced Settings - Field Description Table
Fields	Description
*Poll after CSR submission	Selecting the checkbox enables polling after CSR submission. It fetches the certificates immediately after CSR submission on enrollment, renew, and reissue with the retry count and retry frequency specified in the fields below.
*Retry Count	Enter a value between 1 - 10.
*Retry Frequency	Enter a value between 1 - 30 seconds.
: Mandatory fields*

Click Save.
In case of success the message “CA setting updated successfully“ is displayed and for failure “CA setting update failed“ is displayed.
Note: In case “Fetch Clients and Products” are not triggered before saving CA settings, this action can explicitly perform both these actions and update the CA.

Validating SwissSign CA

Once the SwissSign CA settings are added, validation needs to be done to check whether the connection between AppViewX and SwissSign is properly configured.

On the SwissSign CA page, the above configured CA will be displayed with a Check button in the last column of the table.
Click Check to validate the CA setting that is created.
The CA communication will be validated and the Connection Status will be shown as either Success or Failure.