Home
CERT+
Automate certificate lifecycle management including issuance, discovery, renewal, and deployment, across public and private trust CAs. Assess, prioritize, and plan your migration to quantum-safe encryption with the Quantum Trust Hub add-on module.
CERT+ Admin Guide
Auto-Enrollment Protocols
WAEP
CEP/CES
AppViewX WAEP Configuration
System Requirements and Service Account Configuration

CERT+
Automate certificate lifecycle management including issuance, discovery, renewal, and deployment, across public and private trust CAs. Assess, prioritize, and plan your migration to quantum-safe encryption with the Quantum Trust Hub add-on module.
PKI+
Provision, govern and scale private trust certificates with a Post Quantum ready cloud based Enterprise PKI-as-a-Service.
SIGN+
Secure software, firmware, and containers with a comprehensive enterprise code signing solution.
SSH+
Control SSH access and key rotation at scale with an SSH key lifecycle management solution.
KUBE+
Unify DevOps and Security teams by managing certificates with a Kubernetes-native certificate lifecycle management solution.
DDI+
Manage domain registration, renewal, decommissioning, and other security controls with an end-to-end domain lifecycle management solution.
ADC+
Automate and orchestrate application delivery infrastructure at scale with an ADC lifecycle automation platform.
Platform
Manage policy and automation across all of the products and modules in the AVX ONE platform.
AppViewX Setup
Get detailed instructions for setting up AVX ONE in on-premises or SaaS deployments.
Release Artifacts
Review new features, fixes, and security advisories with official AppViewX release documentation.

System Requirements and Service Account Configuration

A valid Service Account with the below permissions
- Enterprise Admin
- Domain Admin
- Remote Management Users
- Administrator
- Domain User
Service account name
Ensure that the service account’s full name is the same as the login name as shown:
CC Service Setup
- Install ACME-HTTPS and SCEP-HTTP services on the CC.
- Configure WAEP in the AppViewX GUI specific to CC.
Domain Machine Requirements
- SaaS Setup
  - Outbound Calls
    - Port 30020 for unidirectional communication from domain machines to CC.
    - Port 30022 for CRL verification.
  - Inbound Calls
    - Port 5985 for auto-fetch requests from CC to the CEP machine.
- Onprem Setup
  - Outbound Calls
    - Port 31443 for unidirectional communication from domain machines to CC.
    - Port 30022 for CRL verification.
  Note: Auto fetch/lift and shift functionalities are only supported in the SaaS model.
Domain and Connectivity
- CEP must be in the same domain as the AD, with connectivity to the AD server.
- Ensure a valid DNS record for the CC/AppViewX node exists in domain machines.
Certificate and Trust Configuration
- Bind a valid certificate to the CC/AppViewX Node, ensuring it is trusted by the Windows domain machines.
- Download the issuer PKIaaS CA certificates (intermediate and root) and enable trust on the Windows domain machines as shown:
  1. Log onto the AD machine using your service account.
  2. Move the root and intermediate certificates that need to be trusted to the appropriate location.
  3. Open the command prompt with administrator privileges.
  4. To publish the Issuing CA certificate, run:
```
certutil -dspublish -f <PathToCertFile.cer> SubCA
```
  5. To publish the Root CA certificate, run:
```
certutil -dspublish -f <PathToCertFile.cer> RootCA
```
  6. Run the following command to force a policy update and push the certificates to the domain machines:
```
gpupdate /force
```

AppViewX