InCommon CA

Prerequisites

To configure an InCommon CA account in AppViewX, you will need:
  • Base URL and login URL
  • Username and password for the following roles:
    • Master Registration Authority Officer
    • Registration Authority Officer
  • Requisite credentials with access to certificate enrollment for InCommon Certificate Manager
  • Organization ID

    For links to detailed instructions to get the above information from InCommon, see the References section.

  • Internet access or a proxy configuration for the AppViewX server. Refer to the Managing Proxy Settings documentation in the Platform guides.

Configuring InCommon CA

  1. Go to (Menu) > CERT+ > ADMINISTRATION > Certificate Authority.
  2. From the displayed CA, select InCommon.
    The InCommon home page is displayed.
  3. Click the Configure Now button in the middle of the page or the +Add icon at the top right of the page.
    The InCommon configuration page is displayed.
  4. Update the following details in the General Information section as described in the table:
    Table 1. General Information - Field Description Table
    | Field | Description |
    |---|---|
    | *CA Account name | A unique name to identify the CA setting. Note: No special characters other than ‘.’, ‘-’, and ‘_’ are allowed. The name must not start with special characters. |
    | *Purpose/Usage | Certificate type for which CLM actions will be enabled, for example Server or Client. |
    | Proxy Required | Enable this field if the CA communication needs to happen via a proxy. The proxy details configured in general settings will be used for communication. |
    | Data Center (AppViewX's CA agent) | Select the data center through which the CA communication needs to happen. |
    *: Mandatory fields
  5. Update the following details in the CA Configuration section as described in the table. These fields are necessary for invoking the InCommon CA APIs for certificate management.
    Table 2. CA Configuration - Field Description Table
    | Field | Description |
    |---|---|
    | *Base URL | This URL contains just the hostname of the InCommon CA instance. For example, in https://cert-manager.com/customer/<<customer_uri>>/ssl the base URL is https://cert-manager.com. Note: No special characters other than ‘.’, ‘-’, and ‘_’ are allowed. The name must not start with special characters. |
    | *Login URL | URI specific to the InCommon CA customer account. For example, in https://cert-manager.com/customer/<<customer_uri>>/ssl the URI is customer_uri. |
    | *User Name | User name for the account created with InCommon CA. |
    | *Password | Password for the account created with InCommon CA. |
    | *Organization ID | InCommon supports an organization hierarchy. The ID of the organization unit/department in which certificates need to be managed has to be specified here. CLM actions done using this CA account will be specific to this particular organization's ID/department. |
    *: Mandatory fields
    Note: If certificates from multiple organization units/departments need to be managed, a separate CA has to be configured for each organization unit/department in the InCommon CA setting page.
  6. Select Fetch Certificate Types.
    The Certificate types available for the CA account will be fetched from the Certificate Authority.
  7. Click Save.
    In the CA instance inventory, the connection status is initially set to In Progress. After this, the status is automatically checked and refreshed twice, once every 5 seconds. Once the CA instance is successfully configured, the status is updated to Success. Status checks after the first two have to be done via a manual refresh.
    Note: In case the connection fails, you can manually verify the connection status by clicking the Check button in the Connection Status field.
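
A pre-flight check for the values entered in steps 4 and 5, as an added example that is not AppViewX or InCommon code: it applies the CA Account name character rule from Table 1 and splits a full customer URL into the Base URL and Login URL parts described in Table 2. The function names, the ASCII-only reading of the name rule, the https requirement and the sample values are assumptions.

```python
import re
from urllib.parse import urlsplit

# Table 1 rule, read as ASCII letters/digits plus '.', '-' and '_' (assumption);
# the first character must not be one of the special characters.
ACCOUNT_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")
# Customer URL shape from Table 2: /customer/<customer_uri>/ssl.
# '<' and '>' are rejected so an unfilled <<customer_uri>> placeholder is caught.
CUSTOMER_PATH_RE = re.compile(r"/customer/([^/<>]+)/ssl/?")

def split_customer_url(url):
    """Return (base_url, login_uri) from a full InCommon CM customer URL."""
    parts = urlsplit(url)
    if parts.scheme != "https":  # assumption: the CA is only reached over TLS
        raise ValueError("URL must use https")
    if parts.username or parts.password:
        raise ValueError("credentials must not be embedded in the URL")
    if not parts.hostname:
        raise ValueError("URL has no hostname")
    match = CUSTOMER_PATH_RE.fullmatch(parts.path)
    if not match:
        raise ValueError("path is not /customer/<customer_uri>/ssl")
    return f"https://{parts.netloc}", match.group(1)

def preflight(account_name, customer_url, organization_id):
    """Check the mandatory fields and collect every problem found."""
    problems = []
    base_url = login_uri = None
    if not ACCOUNT_NAME_RE.fullmatch(account_name):
        problems.append("CA Account name: only '.', '-', '_' allowed, not as first character")
    try:
        base_url, login_uri = split_customer_url(customer_url)
    except ValueError as exc:
        problems.append(f"Customer URL: {exc}")
    if not str(organization_id).strip():
        problems.append("Organization ID: mandatory field is empty")
    return {"base_url": base_url, "login_uri": login_uri, "problems": problems}

if __name__ == "__main__":
    # Constructed sample values, not a real customer account.
    print(preflight("incommon-prod_01",
                    "https://cert-manager.com/customer/ExampleU/ssl", "1234"))
    print(preflight("_bad name",
                    "https://cert-manager.com/customer/<<customer_uri>>/ssl", ""))
```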

Manually Validating the InCommon CA Connection Status

  1. Go to (Menu) > CERT+ > ADMINISTRATION > Certificate Authority.
  2. From the displayed CA, select InCommon.
    The InCommon home page is displayed.
  3. In the Status column of the grid with the listed accounts, click Check to validate the CA setting that has been created.
    The CA communication will be validated and the Connection Status will be shown as either Success or Failure.

References

Vendor documentation for retrieving InCommon prerequisites:

Download the InCommon Certificate Manager Quick Start Guide.

In this PDF:
  • For the base URL and login URI, refer to the section Log in to InCommon CM.
  • To create an organization, refer to the section Create Organizations and Departments. Once you've created an organization, InCommon will assign you an organization ID.

    To review the organization details in the SCM, navigate to Organizations, select the organization in the list, and click Edit. This displays the Edit Organization dialog box.

  • To create administrator roles, such as MRAO and RAO, refer to the section Add Administrators.
    Ensure that these roles have the following privileges:
    | Privilege | Description |
    |---|---|
    | Allow SSL details changing | Enables the new MRAO, RAO SSL, and DRAO SSL to change the details of SSL certificates by navigating to Certificates > SSL Certificates. |
    | Allow SSL auto approve | SSL certificates requested by the MRAO are automatically approved, and those requested by a RAO SSL and DRAO SSL are automatically approved by the administrator of the same level and await approval from a higher-level administrator. |
    To review the administrator details in the SCM, navigate to Settings > Admins, select the administrator in the list, and click Edit. This displays the Edit Client Admin dialog. Add or edit the necessary privileges and click Save.