Skip to main content

How to configure a Standalone CA

To configure a Standalone CA, you must first create a Standalone CA then assign it to your desired resources:

Paid feature

Standalone CAs are a paid feature. Please contact your Aembit representative for more information about pricing and implementation.

Prerequisites​

  • Aembit Role with the following Read/Write permissions:

    • Standalone Certificate Authorities

    • Client Workloads

    • Resource Sets

Optional

If you've never configured Standalone CA for TLS Decrypt before, Aembit recommends that you read Standalone CA behavior to familiarize yourself with how Standalone CAs interact with Resource Sets.

How to create a Standalone CA​

Follow these steps to create a Standalone CA:

  1. Log into your Aembit Tenant, and go to Edge Components -> TLS Decrypt.

  2. In the top right corner, select the Resource Set where you want your Standalone CA to reside.

    TLS Decrypt screen with Standalone Certificate Authorities list

  3. In the Standalone Certificate Authorities section, click + New.

    This displays the Standalone Certificate Authority pop out window:

    New Standalone Certificate Authority pop out window

  4. Enter a Name and optional Description.

  5. Select the lifetime you desire from the Leaf Certificate Lifetime options dropdown.

  6. Click Save.

    Aembit displays your new Standalone CA in the Standalone Certificate Authorities table.

Assign a Standalone CA to a Resource Set​

  1. Log into your Aembit Tenant, and go to Administration -> Resource Sets.

  2. Click the Resource Set that you want to assign a Standalone CA, then click Edit.

    Or follow Create a new Resource Set to create one.

    Edit Resource Set screen with Standalone Certificate Authority section

    info

    If you don't see the Standalone CA that you want to assign, the Standalone CA may reside in a different Resource Set.

  3. In the Standalone Certificate Authority section, select the Standalone CA you want to assign to the Resource Set.

  4. Click Save.

Assign a Standalone CA to a Client Workload​

  1. Log into your Aembit Tenant, and go to Client Workloads.

  2. In the top right corner, select the Resource Set where the Standalone CA you want to assign resides.

warning

It's crucial that you select the correct Resource Set, or you may not see your Standalone CA when assigning it. Or worse, you may assign the wrong Standalone CA to your Client Workload.

  1. Select the Client Workload you wan to assign the Standalone CA to, then click Edit.

    Edit Client Workload screen with Standalone Certificate Authority

  2. In the Standalone Certificate Authority section, select the Standalone CA you want to assign to the Client Workload.

  3. Click Save.

Additional resources​