Configuring Policy Details

  1. Go to (Menu) > CERT+ > GROUPS & POLICIES > CA Policy.
    The CA Policy page is displayed.
    Note: CERT+ is packaged with the following default policies: Default and Certificate-Gateway.
  2. Click + Create from the top-right corner of the page.
    The CA Policy :: Create page is displayed.
  3. Enter the Policy Details.
    Table 1. Field description for Policy Details
    Field: Description
    *Policy name: Enter a unique name for the CA policy.
      • Only the following special characters are considered valid: ., -, and _.
      • The policy name cannot start with a special character (including the valid ones).
    Description: Enter a description of the policy.
    *Policy Enforcement Type: Select Strict (default) or Suggestive.
      • Strict - Enforces the standards defined in the policy; a user cannot modify any parameters.
      • Suggestive - Suggests policy parameters. A user can modify the suggested values if required.
    Certificate Requests Need Approval: To enforce a peer approval process for any certificate requests raised, turn on the Certificate Requests Need Approval toggle.

      All CLM actions, such as certificate creation/renewal/regeneration/reissue/revocation, will now be executed after due approval is received.

      Peer approval for requests is defined in the approval workflow.

    Enable Access to Private Key: When enabled, allows the user to download private keys from the holistic view.
    Enable certificate push-bind access for a read-only user: Enabling this feature allows a user from a read-only user group to perform certificate push, bind, and rollback operations from the holistic view.
    Validate issuer and root certificate for compliance: Enabling this option validates whether the issuer and root of a certificate are also compliant with the standards defined in the policy.
    Email Address mandatory for Client Certificate: Enabling this option marks the email address field as mandatory during client certificate enrollment.
    Enable Public Key Validation during CSR Upload?: To validate the public key included in the CSR uploaded for certificate enrollment, renewal, regeneration, or reissuance, turn on the Enable Public Key Validation during CSR Upload? toggle.
    *: Mandatory fields
    Note: You can configure the Policy Details section based on your organization's standards.
  4. Under the Group selection section, select one or more groups to map to the policy.
  5. Under the Compliance Check section, to perform an immediate compliance check, enable Perform Compliance check.
    Note: A scheduled compliance check will run periodically based on the settings defined in the job scheduler.