SwissSign CA

Prerequisites

To configure a SwissSign CA account in AppViewX, you will need:
  • CA Base URL
  • Username
  • API key

    The SwissSign team manages user creation and access controls for users. Users must have a level of RAO (Registration Authority Officer) or higher to perform actions like issuing, revoking, updating, and viewing certificates.

    For links to detailed instructions to get the above information from Sectigo, see the References section.

  • Internet access or a proxy configuration for the AppViewX server. Refer to the Managing Proxy Settings documentation in the Platform guides.

Configuring SwissSign CA

  1. Go to (Menu) > CERT+ > ADMINISTRATION > Certificate Authority.
  2. From the displayed CAs, select SwissSign.
    The SwissSign home page is displayed.
  3. Click the Configure Now button or +Add icon from the middle or top-right of the page respectively.
    The SwissSign CA configuration page is displayed.
  4. Update the following details in the General Information section as described in the table:
    Table 1. General Information - Field Description Table
    Field | Description
    *CA Account name | Enter a unique name in the text field to identify the CA account and be represented during certificate enrollment and policy creation. No special characters other than ‘.’, ‘-’, ‘_’ are allowed. Names should not start with special characters.
    *Purpose/Usage | Select the purpose of the certificate from the dropdown list for which CLM actions will be enabled. Example: Server, Client
    Proxy Required | Enable this field if the CA communication needs to happen via Proxy. The proxy details configured in general settings will be used for communication.
    Data Center (AppViewX's CA agent) | Select the data center through which the CA communication needs to happen.
    *: Mandatory fields
  5. Update the following details in the CA Configuration section as described in the table. These fields are necessary for invoking the CSC Global CA APIs for Certificate Management:
    Table 2. CA Configuration - Field Description Table
    Field | Description
    *CA Base URL | Enter the base URL that will be used to construct the API request. The value is https://api.ra.swisssign.ch
    *Username | Enter the service account username to communicate with the RA.
    *API Key | Enter the API key which is a unique identifier used to authenticate the user. The value entered will be masked and encrypted.
    *: Mandatory fields
  6. Click Fetch Clients and Products.
    If the data provided is accurate, the success message “Clients and Products fetched successfully” is displayed, along with a table with two columns: Client and Product Name (the product name is similar to the certificate profile).
  7. Update the following details in the Advanced Settings section as described in the table.
    Table 3. Advanced Settings - Field Description Table
    Field | Description
    *Poll after CSR submission | Selecting the checkbox enables polling after CSR submission. It fetches the certificates immediately after CSR submission on enrollment, renew, and reissue with the retry count and retry frequency specified in the fields below.
    *Retry Count | Enter a value between 1 and 10.
    *Retry Frequency | Enter a value between 1 and 30 seconds.
    *: Mandatory fields
  8. Click Save.
    In the CA instance inventory, the connection status is initially set to In Progress. The status is then automatically checked and refreshed twice, at 5-second intervals. Once the CA instance is successfully configured, the status is updated to Success. Status checks after the first two have to be done via a manual refresh.
    Note: If Fetch Clients and Products was not triggered before saving the CA settings, the Save action can perform both actions and update the CA.
    Note: If the connection fails, you can manually verify the connection status by clicking the Check button in the Connection Status field.

Manually Validating the SwissSign CA Connection Status

  1. On the SwissSign CA page, the CA configured above is displayed with a Check button in the last column of the table.
  2. Click Check to validate the CA setting that was created.
    The CA communication will be validated and the Connection Status will be shown as either Success or Failure.

References

Vendor documentation for retrieving SwissSign prerequisites:

Download the SwissSign CA RA Operator Manual.

In this PDF:
  • For the CA base URL, refer to the section on Login with SwissID.
  • For the account username, refer to the section on Account details.
  • For the API key, refer to the section on Service API keys.