AWS

  1. On the certificate holistic view, click Add Connector.
  2. Enter the General Information for the connector.
    Table 1. Field descriptions for the connector General Information
    Field: Description
    *Category: From the dropdown list, select Cloud.

    If the certificate being pushed was enrolled with CSR generation at endpoint, this field is auto-populated with the category selected at the time of certificate enrollment.

    *Vendor: From the dropdown list, select AWS.

    If the certificate being pushed was enrolled with CSR generation at endpoint, this field is auto-populated with the vendor selected at the time of certificate enrollment.

    Service Types: From the dropdown list, select one of the following:
    • ACM
    • IAM
    • CloudFront
    • ELB
    • SM
    *Connector Name: Enter a name for this connector so that you can identify it later.
    Tip: AppViewX recommends naming connectors according to use cases so they are easily distinguishable.
    Description: Enter any additional details you want to record for this connector.
    Based on the information entered here, the SSL templates section is populated with the list of available AWS cloud devices already onboarded in AppViewX.
  3. To select the device(s) to which the certificate will be pushed, under SSL templates, from the list of Available Devices, for the required device(s), click .
    The Selected devices list is updated automatically.
  4. Enter the Certificate Details.
    Table 2. Field descriptions for the Certificate Details
    Field: Description
    *Certificate Type: From the dropdown list, select the file type of the certificate to be pushed.

    For the AWS Secrets Manager (SM) service, currently, only PEM certificates are supported.

    *Certificate Location: For CloudFront, certificates can be stored in either AWS Certificate Manager (ACM) or AWS Identity and Access Management (IAM).

    From the options given, select the certificate location.

    Certificate ARN: The ARN (Amazon Resource Name) is a unique identifier assigned to each certificate that is managed by ACM. It is used to reference the certificate in API calls, policies, and so on.

    In this field, enter the ARN of the certificate to be pushed.

    *Certificate File Name: Enter the file name of the certificate to be pushed. The file extension is auto-populated based on the Certificate Type selected.
    *Secret name: For the AWS Secrets Manager (SM) service, enter the descriptive secret name assigned in the AWS Secrets Manager.
    Push Root and Intermediate Certificates: To push the root and intermediate certificates along with the end certificate, select this checkbox.

    For AWS, this field is enabled by default and is non-editable.

    Default Certificate: In the event that a certificate cannot be pushed, a default certificate is pushed as a fallback option.

    To enable this, select the Default Certificate checkbox.

  5. Enter the Certificate Tags.
    A certificate tag is a label that you can assign to a certificate. To capture any details relevant to a certificate, you can associate certificate tags with a certificate. Certificate tags are key-value pair attributes that you can pass when you assume an IAM role or federate a user in AWS STS. These tags will be pushed along with the certificate to the endpoints. On certificate discovery, the tags associated with the certificate will be populated in the certificate inventory.

    To enter the certificate tags:

    1. Enter Key and Enter Value, in the respective fields, for the tag.
    2. Click Add.
      The tag, as a key-value pair, is listed in the table shown below the fields.
  6. Enter the Push Details.
    Table 3. Field descriptions for the Push Details
    Field: Description
    *Script Location: Script files are commonly used to perform tasks that must be completed before and/or after a certificate is pushed to the target system.

    The script to be run before the certificate is pushed is called a pre-push script and the script to be run after the push is called a post-push script.

    From the following options, select the location of the script file(s):

    • In AppViewX
    • In Device
    Pre - Push Script File Name: Enter the file name of the pre-push script.
    Important: Read the pre and push script usage instructions here.
    Pre - Push Script File Path: This field is displayed when Script Location = In Device.
    Enter the location on your local system where the pre-push script file is stored.
    Important: Read the pre and push script usage instructions here.
    Post - Push Script File Name: Enter the file name of the post-push script.
    Important: Read the pre and push script usage instructions here.
    Post - Push Script File Path: This field is displayed when Script Location = In Device.
    Enter the location on your local system where the post-push script file is stored.
    Important: Read the pre and push script usage instructions here.
    Push Automatically: To automatically push the certificate to the target system after it is renewed/reissued, enable this checkbox.
    Note: The auto push feature for a certificate works only if enabled for the certificate application connector as well as the associated certificate group. To enable this feature at the certificate group level, refer to the instructions here.
  7. Click Save.
    The connector is displayed on the certificate holistic view.
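
A local check of two values entered in the Certificate Details step, the Certificate ARN and a PEM certificate file, before saving the connector. This is an added example, not AppViewX code or an AppViewX script format; the function names and sample values are hypothetical, and it assumes the file is meant to hold certificates only (end certificate plus chain).

```python
import base64
import re

# ACM certificate ARN layout: arn:<partition>:acm:<region>:<account>:certificate/<id>
ACM_ARN = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):acm:([a-z0-9-]+):(\d{12}):"
    r"certificate/([0-9a-f-]{36})$"
)
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def parse_acm_arn(arn):
    """Split an ACM certificate ARN into its parts, or raise ValueError."""
    m = ACM_ARN.match(arn.strip())
    if not m:
        raise ValueError("not an ACM certificate ARN: %r" % arn)
    return dict(zip(("partition", "region", "account", "cert_id"), m.groups()))


def count_pem_certificates(text):
    """Return the number of CERTIFICATE blocks in a PEM bundle.

    Raises ValueError when the input holds no PEM blocks (for example a DER
    or PKCS#12 file), holds a block that is not a certificate, or holds a
    block whose body is not base64-encoded DER.
    """
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        raise ValueError("no PEM blocks found")
    for label, body in blocks:
        if label != "CERTIFICATE":
            raise ValueError("unexpected PEM block: " + label)
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # X.509 certificates are DER SEQUENCEs
            raise ValueError("CERTIFICATE block is not DER")
    return len(blocks)


# Constructed sample values: a placeholder ARN and a 5-byte DER stand-in,
# repeated three times for end-entity, intermediate and root.
SAMPLE_ARN = ("arn:aws:acm:us-east-1:123456789012:"
              "certificate/12345678-1234-1234-1234-123456789012")
_STUB = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
SAMPLE_BUNDLE = "".join(
    "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % _STUB
    for _ in range(3)
)

if __name__ == "__main__":
    print(parse_acm_arn(SAMPLE_ARN)["region"], count_pem_certificates(SAMPLE_BUNDLE))
```

A count of 1 for a file expected to carry the full chain means the root and intermediate certificates are missing from it.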