Entrust CA

Prerequisites

To configure a Entrust CA account in AppViewX, you will need:
  • An Entrust client authentication certificate
  • Credentials (API username and API key) for an account with the requisite access for executing CLM actions

    For links to detailed instructions to get the above information from Entrust, see the References section.

  • Internet access or a proxy configuration for the AppViewX server. Refer the Managing Proxy Settings documentation in the Platform guides.

Configuring Entrust

  1. Go to (Menu) > CERT+ > ADMINISTRATION > Certificate Authority.
  2. From the displayed CA, Select Entrust.
    The Entrust home page is displayed. The Entrust tab is selected by default.
  3. Click the Configure Now button or +Add icon from the middle or top-right of the page respectively.
    The Entrust configuration page is displayed.
  4. Update the following details in the General Information section as described in the table:
    Table 1. General Information - Field Description Table
    Fields Description
    *CA Account name A unique name to identify the CA setting. Note: No special characters other than ‘.’, ‘-’,’_’ are allowed. Names should not start with special characters.
    *Purpose/Usage Certificate Type for which CLM actions will be enabled.

    For example: Server and Client
    Proxy Required Enable this field if the CA communication needs to happen via Proxy. The proxy details configured in general settings will be used for communication.
    Data Center (AppViewX's CA agent) Select the data center through which the CA communication needs to happen.
    *: Mandatory fields
  5. Update the following details in the CA Configuration section as described in the table. These fields are necessary for invoking the Entrust CA APIs for Certificate Management.
    Table 2. CA Configuration - Field Description Table
    Fields Description
    *Client Authentication The client authentication certificate from Entrust for API communication.
    Note: Must be a valid <.p12> file.

    To generate an CSR within AppViewX refer to Generating a CSR and download the CSR. Further, upload the CSR to the Entrust homepage.
    *Base URL This URL will contain just the hostname of the Entrust CA instance. The default value is https://api.entrust.net/enterprise/v2.
    *API Username Enter the API Username to communicate with the CA.
    *API Key Enter the API Password to communicate with the CA.
    Auto Approve Select the checkbox to avoid queuing of new certificates in the CA portal.
    *: Mandatory fields
  6. Update the following details in the Advanced Settings section as described in the table.
    Table 3. Advanced Settings - Field Description Table
    Fields Description
    Poll after CSR Submission A check box field when selected will fetch the certificated immediately after CSR Submission on enrollment, renew, and reissue of certificate with the retry count and retry frequency as described below.
    *Retry Count The number of times the polling will take place after CSR submission. Enter a value between 1 and 10.
    *Retry Frequency The duration of the polling. enter the value between 1 and 30seconds
    *: Mandatory fields
  7. Click Fetch Custom Attributes.
    The attributes available for the CA account will be fetched from the Certificate Authority along with the CA and profile names. A pop-up message is displayed as CA and profiles fetched.
  8. Click Save.
    In the CA instance inventory, the connection status is initially set to In Progress. Twice after this, this status is automatically checked and refreshed every 5 seconds. Once the CA instance is successfully configured, the status is updated to Success. Status checks after the first two times have to be done via a manual refresh.
    Note: In case the connection fails, you can manually verify the connection status by clicking the Check button in the Connection Status field.

Manually Validating the Entrust CA Connection Status

  1. Go to (Menu) > CERT+ > ADMINISTRATION > Certificate Authority.
  2. From the displayed CA, Select Entrust.
    The Entrust home page is displayed.
  3. In the Status column of the grid with the listed accounts, click Check to validate the CA setting that has been created.
    The CA communication will be validated and the Connection Status will be shown as either Success or Failure.

References

Vendor documentation for retrieving Entrust prerequisites:
  • Entrust REST PKI Guide

    Downlad the Entrust REST PKI Guide and refer to the section Authentication > TLS with client certificate authentication.