CSC Global CA

Prerequisites

The following values are required to configure the CSC Global CA:
  • CA Base URL (the value is available in the UI field of the CA setting page)
  • API Key
  • Token
  • AppViewX server should either have internet access or have a proxy configured in AppViewX general settings. Refer to the section Managing Proxy Settings in the Platform guides.

For API Key and Token, follow the steps below:

  1. Login to https://weblogin.cscglobal.com/public/login and click CSC Domain Manager (you will see the CSC Domain Manager page after the 2-factor authentication).
  2. On the top navigation bar, click API > API Administration.
  3. The organization account has the common API Key displayed above the user-list table. Click Show to view and copy the API key.

    Multiple users can use the same API key, but each user has an individual token that admins/users can create.

  4. If a first time user or users with an expired token, click Create Token.
    The token is displayed in a pop-up only once at the time of creation. Save and copy for further use.
    Note: Current users can rotate/renew/ or create new tokens (this can only be done until the current token is valid) using the Refresh Expired Token API.

Configuring CSC Global CA

  1. Go to (Menu) > SIGN+ > ADMINISTRATION > Certificate Authority.
  2. From the displayed CA, Select CSC.
    The CSC home page is displayed.
  3. Click the Configure Now button or +Add icon from the middle or top-right of the page respectively.
    The CSC Global CA configuration page is displayed.
  4. Update the following details in the General Information section as described in the table:
    Table 1. General Information - Field Description Table
    Fields Description
    *CA Account name Enter a unique name in the text field to identify the CA account and be represented during certificate enrollment and policy creation. No special characters other than ‘.’, ‘-’,’_’ are allowed. Names should not start with special characters.
    *Purpose/Usage Select the purpose of the certificate from the dropdown list for which CLM actions will be enabled.

    Example: Server, Client
    Proxy Required Enable this field if the CA communication needs to happen via Proxy. The proxy details configured in general settings will be used for communication.
    Data Center (AppViewX's CA agent) Select the data center through which the CA communication needs to happen.
    *: Mandatory fields
  5. Update the following details in the CA Configuration section as described in the table. These fields are necessary for invoking the CSC Global CA APIs for Certificate Management:
    Table 2. CA Configuration - Field Description Table
    Fields Description
    *CA Base URL Enter the base URL that will be used to construct the API request. The value is https://apis.cscglobal.com/dbs/api/v2
    *API Key Enter the API key which is a unique identifier used to authenticate the user. The value entered will be masked and encrypted.
    Token Enter the API token which is used to authenticate users or applications and provide access to protected resources. The value entered will be masked and encrypted.
    *: Mandatory fields
  6. Click Fetch Domain.
    If the data provided is accurate the success message “Domains fetched successfully“ will be displayed and a table is displayed with two columns - Account Number and Domain Name. A list of active domains in AppViewX are listed in the table. Each account can hold multiple domains.
  7. Update the following details in the Advanced Settings section as described in the table.
    Table 3. Advanced Settings - Field Description Table
    Fields Description
    *Poll after CSR submission Selecting the checkbox enables polling after CSR submission. It fetches the certificates immediately after CSR submission on enrollment, renew, and reissue with the retry count and retry frequency specified in the fields below.
    *Retry Count Enter a value between 1 - 10.
    *Retry Frequency Enter a value between 1 - 30 seconds.
    *: Mandatory fields
  8. Click Save.
    The CA details are saved and the Fetch Custom Fields button is enabled.
    Note: In case “Fetch Domains” and “Fetch Custom Fields” are not triggered before saving CA settings, this action can explicitly perform both these actions and update the CA.
  9. To get the list of custom fields configured (if any), click Fetch Custom Fields.
    If the custom fields are configured they will be displayed in a table with two columns - Name and Mandatory/Optional.
    1. Enter the values for the custom fields.
    2. Click Save.
      The details are saved.
      Note: These custom fields attributes are displayed in the certificate enrollment form at the time of enrollment.

Validating CSC Global

Once the CSC Global CA settings are added, validation needs to be done to check whether the connection between AppViewX and CSC is properly configured.
  1. On the CSC CA page, the above configured CA will be displayed with a Check button in the last column of the table.
  2. Click Check to validate the CA setting that is created.
    The CA communication will be validated and the Connection Status will be shown as either Success or Failure.