Adding/Enrolling Certificate
To enroll a certificate:
- Go to (Menu) icon > CERT+.
The CERT+ left navigation pane appears.
- Click Enroll Certificate from Certificate Action on the LHS pane.
- Select Server, Client, or Code Signing Certificate depending on the type of certificate(s) you want to enroll.
The Enroll Certificate page appears.
- In the General Information section of the Enroll Server Certificate page, select the desired Assign Group from the dropdown list.
- In the CA Details section, enter the details as follows:

Table 1. Field Description for CA Details section

| Field | Description |
|---|---|
| *Certificate Authority | Select AppViewX PKIaaS. |
| *Regenerate Automatically | Select the toggle button to On or Off. When the toggle is enabled, the Start Regenerating option is enabled. Enter the number of days to regenerate the certificate automatically before expiry. |
| *CA Account | The account to which the enrollment request is submitted. By default, it is pkidev. |
| Certificate Profile | Select the profile from the dropdown list. While enrolling server certificate, you get the option of OcspSigning as well in the dropdown list. For more information, see CERT+ > Administration > Certificate Profiles. |
| *Issuer Location | Select an issuer location from the dropdown list. |
| *Issuer Name | Select an issuer name to issue the certificate from the dropdown list. |
| *Connector Name | Enter the friendly name for Certificate Authority connector in this field, which will be displayed in the holistic view on saving this form. By default, it is AppViewX PKIaaS CA connector. |
| Description | Enter the description in this field. Note: You can enter a maximum of 2000 words in the field. |
| *CSR Generation | Select the CSR generation option as required. AppViewX: Private key and CSR are created in AppViewX based on CSR parameters given. Upload CSR: Uploaded CSR is taken as a source to populate CSR parameters and submit to CA. |

Note: Fields marked with red asterisk (*) symbol are mandatory.
- In the CSR Parameters section, enter the details as follows:

Table 2. Field Description for CSR Parameters section

| Field | Description |
|---|---|
| *Common Name | The common name is one of the key values of the Certificate Signing Request (CSR) to be present on the certificate. For example, <appviewx>. Note: No special characters allowed except period (.), hyphen (-), and underscore (_). |
| Subject Alternative Name | Select the subject alternative name from the dropdown list. You can see the count of subject alternative names (SAN) available for a certificate in the CSR parameter section, inventory grid, and CA connector page. Note: Multiple values must be separated by a comma. The cumulative count of SANs appears in the certificate property window from the holistic view. |
| Organization | The organization name is one of the CSR parameters to be present in the certificate. This field will be auto-filled and editable based on the configuration in the selected group's policy. |
| Organization Unit | The organization unit name is one of the CSR parameters to be present in the certificate. This field will be auto-filled and editable based on the configuration in the selected group's policy. |
| Locality | The locality name is one of the CSR parameters to be present in the certificate. This field will be auto-filled and editable based on the configuration in the selected group's policy. |
| State | The state name is one of the CSR parameters to be present on the certificate. This field will be auto-filled and editable based on the configuration in the selected group's policy. |
| Country | Country name is one of the CSR parameters to be present in the certificate. This field will be auto-filled and editable based on configuration. It must be a 2-letter country code (for example, US, and so on). |
| Email Address | The email contact details of the person responsible for maintaining the certificate. Enter a valid e-mail address. |
| *Validity | Enter the number in this field and select whether the validity is in Days, Months, or Years from the dropdown list, which is controlled by the group's policy. |
| *Hash Function | The hash function with which the CSR has to be signed. Any information specific to any CA or vendor has to be covered in the Note section. This field will be auto-filled and editable based on the configuration in the selected group's policy. |
| *Key Type | The key type is used while creating a private and public key pair. This field will be auto-filled and editable based on the configuration in the selected group's policy. |
| *Bit Length | The bit length is used while creating a private and public key pair. This field will be auto-filled and editable based on the configuration in the selected group's policy. |

- In the Attachments section, there is an optional field where the user/admin can keep any relevant attachment for the certificate enrollment, such as an approval email.
Note: During certificate actions, the user can upload and maintain the additional necessary documents.
The following table describes the options available in the attachments section.

Table 3. Field Description for Attachments section

| Field | Description |
|---|---|
| Name | Enter the alternate name for the document to be uploaded. |
| Comments | Enter the comments in this field. Note: You can enter a maximum of 2000 words in the field. |
| Upload File | Click to upload a file. |

- Other than the CSR fields, you can add organization-specific values along with the CSR. These values will not be part of the certificate but will be available in the AppViewX inventory, for example, cost center. Inventory can be filtered based on these attributes as well. If Certificate Attributes are added under Administration > Certificate Attributes, they are reflected in the enrollment page.
- In the Generic Fields section, enter the Device Name and the Application IP Address.
- In the Vendor specific details section, the Certificate ID is auto-populated based on the value entered in the Common Name field.
- Click Add. Once the details are added, it will redirect you to the page where you can see the respective CSR and CA details added as a connector. This page is called holistic view and from here any action on the certificate can be performed including provisioning the certificate to a server.
- Click the Submit button to trigger the request.
Once the submit action is triggered, the Submit popup window appears. Add comments if needed, and then click Yes. If the approved option is enabled in CA Policy, the request goes to the Approve and Implementation stages.
- Click Approve.
- The Approve pop-up window appears. Click the Schedule later button if the workflow request has to be approved automatically in the future.
- Enter the comments in the field.
- Click Yes.
Once approved, you can see the Implement option in a holistic view.
- Click Implement.
- The Implement pop-up window appears. Click the Schedule later button if the workflow request has to be implemented automatically in the future.
- Enter the comments in the field.
- Click Yes.
CSR Submission to CA is in progress.
Once the CSR submission is successful, the request state changes to Submit certificate - retrieval in progress.
If the enrollment request complies with the defined conditions and auto-approval is enabled in the targeted CA, the certificate is fetched in a few seconds.
If auto-approval is disabled in the targeted CA, the user has to log in to the CA and approve the request.
Once the certificate is issued successfully, the certificate is retrieved to AppViewX.
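
A pre-submission check for the CSR Parameters values described in Table 2, useful when many enrollment requests are prepared outside the form. This is an added example, not AppViewX code or an AppViewX API: the dictionary keys, function names and sample values are hypothetical, and it assumes letters and digits are accepted in the Common Name alongside the three special characters the page lists.

```python
import re

# Fields marked with an asterisk (mandatory) in the CSR Parameters table.
MANDATORY = ("common_name", "validity", "hash_function", "key_type", "bit_length")
# Assumption: letters and digits are accepted; the page names only the
# permitted special characters (period, hyphen, underscore).
CN_RE = re.compile(r"[A-Za-z0-9._-]+")
COUNTRY_RE = re.compile(r"[A-Za-z]{2}")  # shape only, not ISO 3166 membership
MAX_WORDS = 2000  # limit the page states for the Description field


def split_sans(raw):
    """Split the comma-separated Subject Alternative Name value into a list."""
    return [s.strip() for s in raw.split(",") if s.strip()]


def check_request(req):
    """Return the problems found in a dict of form values (hypothetical keys)."""
    problems = []
    for field in MANDATORY:
        if not str(req.get(field, "")).strip():
            problems.append(f"{field}: mandatory field is empty")
    cn = req.get("common_name", "")
    if cn and not CN_RE.fullmatch(cn):
        problems.append("common_name: special character other than . - _")
    country = req.get("country", "")
    if country and not COUNTRY_RE.fullmatch(country):
        problems.append("country: not a 2-letter country code")
    for san in split_sans(req.get("san", "")):
        if any(ch.isspace() for ch in san):
            problems.append(f"san: '{san}' looks like two values without a comma")
    if len(req.get("description", "").split()) > MAX_WORDS:
        problems.append("description: more than 2000 words")
    return problems


# Constructed sample values, not taken from a real enrollment.
GOOD = {"common_name": "app01.example.com", "country": "US", "validity": "365",
        "san": "app01.example.com, app01-alt.example.com",
        "hash_function": "SHA256", "key_type": "RSA", "bit_length": "2048",
        "description": "Web tier certificate"}
BAD = dict(GOOD, common_name="*.example.com", country="USA", bit_length="",
           san="a.example.com b.example.com")

if __name__ == "__main__":
    print("GOOD:", check_request(GOOD))
    for problem in check_request(BAD):
        print("BAD:", problem)
```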