Enable mTLS
To secure communication between the tenant and the Cloud Connector, mTLS must be enabled during installation. Previously, this required the AppViewX team to:
- Generate root and client certificates.
- Upload the certificates to the Cloud Connector.
- Manually enable the relevant WAF rule in Cloudflare.
To streamline this process, the Enable mTLS action in the tenant inventory is used to trigger the workflow that automates or guides these steps, ensuring secure and consistent configuration during Cloud Connector deployment.
To enable mTLS for Cloud Connectors:
- From the Tenant Management Inventory, select the checkbox for the required tenant, and from the enabled Action dropdown, select Enable mTLS.
  The Request Enable mTLS Certificate in Cloud Connectors :: FormBuilder page is displayed.
- From the mTLS Details section, enter/select from the following fields:

  | Field | Description |
  |---|---|
  | *Select the action to perform? | Select from the following options: Enable MTLS, Upload Client cert to CC |
  | *CC Agents | Select the CC agents from the dropdown. |

  *: Mandatory fields
- From the Tenant Details section, enter/select from the following fields:

  | Field | Description |
  |---|---|
  | *Tenant Name | Enter the tenant name. |
  | *Tenant Id | Enter the tenant ID. |
  | *Tenant Username | Enter the tenant username. |
  | *Tenant Password | Enter the tenant password. |
  | *Provisioning Gateway URL | Enter the tenant's provisioning gateway URL. |
  | *MSP Mode | Enter the MSP's mode. |

  *: Mandatory fields
- In the Notification Details section, enter the *Email Id to which the workflow success or failure email is sent.
- Click Submit.
The workflow executes in the following stages:
- The root certificate is created via API and uploaded to Cloudflare.
- The active CCs are fetched for the tenant and installed.
- For each CC, the client certificates are generated.
- The enable WAF workflow rule is executed to add the WAF rule in Cloudflare.
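The trust relationship these stages establish can be reproduced locally to check that a client certificate chains to the intended root. The script below is an added example, not AppViewX's workflow or API: it uses plain `openssl`, and every name in it (`tenant-root`, `other-root`, `cc-agent-1`, `cc-agent-2`, the file layout) is constructed for illustration.

```shell
#!/usr/bin/env bash
# Added illustration (not AppViewX automation): a local model of the trust
# chain the workflow sets up. All names and subjects are constructed.
set -eu
WORK="$(mktemp -d)"

# Minimal OpenSSL config so the example does not depend on a system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# Root CA: stands in for the root certificate the workflow uploads to Cloudflare.
make_root() {  # $1 = file prefix, also used as the subject CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/ca.cnf" \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Client certificate for one Cloud Connector, signed by the given root.
issue_client() {  # $1 = CC name, $2 = root prefix
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > "$WORK/$1.ext"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 30 -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" 2>/dev/null
}

# Succeeds only if the client cert chains to the root and allows client auth.
chains_to_root() {  # $1 = CC name, $2 = root prefix
  openssl verify -purpose sslclient -CAfile "$WORK/$2.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

make_root tenant-root   # the root the tenant side trusts
make_root other-root    # an unrelated CA, used for the negative check
for cc in cc-agent-1 cc-agent-2; do
  issue_client "$cc" tenant-root
  chains_to_root "$cc" tenant-root && echo "$cc: chains to tenant root"
  chains_to_root "$cc" other-root || echo "$cc: rejected under unrelated root"
done
```

The negative check is the useful part: a certificate that validates under any root other than the one uploaded for the tenant indicates the wrong root or client certificate is in use.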
Note:
Disable mTLS: mTLS can be disabled by the AppViewX SRE team upon request. Please reach out to the SRE team to initiate the mTLS disablement process.
